Cross Site Scripting (XSS) Vulnerability in pfSense v.2.7.0 Allows Remote Attacker to Gain Privileges
CVE-2023-42325

5.4MEDIUM

Key Information:

Vendor

Netgate

Status
Pfsense
Vendor
CVE Published:
14 November 2023

Badges

πŸ‘Ύ Exploit Exists🟣 EPSS 48%πŸ“° News Worthy

What is CVE-2023-42325?

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

News Articles

favicon imageGBHackers News

Over 1,450 pfSense Servers Exposed RCE Attacks via Bug Chain

Researchers discovered two vulnerabilities in pfSense servers CE related to Cross-Site Scripting (XSS) and Command Injection.

favicon imageSC Media

RCE attacks could impact most internet-exposed pfSense instances

More than 92% of internet-exposed instances of the pfSense open-source firewall and router software could be compromised to achieve remote code execution by chaining the reflective XSS vulnerabilities, tracked as CVE-2023-42325 and CVE-2023-42327, as well as the command injection bug, tracked as CVE...

References

https://docs.netgate.com/downloads/pfSense-SA-23_09.webgu...
https://www.sonarsource.com/blog/pfsense-vulnerabilities-...

EPSS Score

48% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by SC Media

  • Vulnerability published

  • Vulnerability Reserved

JSON
.