Numerous security Vulnerabilities in pfSense Firewall Software, the widely used open-source firewall solution developed by Netgate. These vulnerabilities pose a significant threat, allowing potential attackers to issue unauthorized commands to susceptible appliances.
[FREE E-BOOK] The Definite Blueprint for Cybersecurity in Manufacturing
The discovery by Sonar has identified two instances of mirrored cross-site scripting (XSS) bugs and one flaw related to command injection, all contributing to the existing security concerns.
Security researcher Oskar Zeino-Mahmalat highlighted, “Inside a local network, security is often less strict because network administrators trust their firewalls to keep them safe from attacks from outside the network.”
“Potential attackers could have used the discovered vulnerabilities to spy on traffic or attack services inside the local network.”
These vulnerabilities are applicable to pfSense CE 2.7.0 and earlier, as well as pfSense Plus 23.05.1 and earlier versions. An authenticated pfSense user, such as an admin, might unknowingly activate a command injection through a specially crafted URL containing an XSS payload.
Here is a short list of Identified Vulnerabilities:
- CVE-2023-42325 (CVSS score: 5.4):
Description: XSS vulnerability allows a remote attacker to gain elevated privileges by exploiting a specially crafted URL, providing unauthorized access to the status_logs_filter_dynamic.php page. - CVE-2023-42327 (CVSS score: 5.4):
Description: XSS vulnerability empowers remote attackers to enhance their privileges through a specially crafted URL, leading to unauthorized access to the getserviceproviders.php page. - CVE-2023-42326 (CVSS score: 8.8):
Description: The interfaces_gif_edit.php and interfaces_gre_edit.php components lack sufficient validation, enabling a remote attacker to execute arbitrary code by sending specially crafted requests.
Note: Reflected XSS attacks, also known as non-persistent attacks, occur when an attacker sends a malicious script to a vulnerable web service. The script is then returned in the HTTP response and executed on the victim’s web browser.
These attacks typically commence through meticulously crafted links concealed in phishing emails or on external websites, often nestled within comments or shared as links on social media posts. In the context of pfSense, threat actors can leverage these vulnerabilities to exploit the victim’s privileges, enabling unauthorized actions within the firewall.
“Because the pfSense process runs as root to be able to change networking settings, the attacker can execute arbitrary system commands as root using this attack,” said Zeino-Mahmalat.
The vulnerabilities were addressed in pfSense CE 2.7.1 and pfSense Plus 23.09, released last month, following responsible disclosure on July 3, 2023.
This comes shortly after Sonar flagged a remote code execution flaw (CVE-2023-36742, CVSS score: 7.8) in the integrated npm within Microsoft Visual Studio Code. Microsoft promptly addressed this issue as part of its September 2023 Patch Tuesday updates.
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.