Lucene search

Japan Vulnerability NotesJVN:85572374

HistoryMar 03, 2022 - 12:00 a.m.

JVN#85572374: pfSense-pkg-WireGuard vulnerable to directory traversal

2022-03-0300:00:00

Japan Vulnerability Notes

jvn.jp

pfsense

wireguard

directory traversal

cwe-22

update

private folders

privilege escalation

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

42.5%

JSON

pfSense-pkg-WireGuard provided by pfSense is an add-on package for pfSense CE and pfSense Plus.
pfSense-pkg-WireGuard contains a directory traversal vulnerability (CWE-22).

Impact

pfSense users may view files in the private folders which they do not have privileges to access.

Solution

Update the add-on package
Update the add-on package to the latest version according to the information provided by the developer.

Products Affected

pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4
pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

42.5%

JSON

Related for JVN:85572374