Directory Traversal Vulnerability in Pfsense and Suricata
CVE-2020-19678

7.5HIGH

Key Information:

Vendor: Oisf
Status: Suricata; Suricata Package; Pfsense
Vendor: CVE Published:; 6 April 2023

What is CVE-2020-19678?

A directory traversal vulnerability exists within Pfsense version 2.1.3 and Suricata package version 1.4.6, specifically affecting the suricata_logs_browser.php file. This vulnerability enables remote attackers to exploit the file parameter, potentially gaining unauthorized access to sensitive files on the system. If exploited, this flaw can lead to the exposure of confidential data, making it essential for users to implement updates and mitigate risk.

References

http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-1...

https://github.com/pfsense/pfsense-packages/commit/59ed34...

https://pastebin.com/8dj59053

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2023
Vulnerability Reserved
Aug 13, 2020

Oisf

What is CVE-2020-19678?

References

CVSS V3.1

Timeline