Cross Site Scripting in Netgate pfSense Affects Remote Access Management
CVE-2023-42327

5.4MEDIUM

Key Information:

Vendor

Netgate

Status
Pfsense
Vendor
CVE Published:
14 November 2023

Badges

🟣 EPSS 48%πŸ“° News Worthy

What is CVE-2023-42327?

A Cross Site Scripting (XSS) vulnerability exists in Netgate pfSense version 2.7.0, enabling a remote attacker to manipulate web requests to the getserviceproviders.php page. By sending a crafted URL, the attacker can exploit this vulnerability to gain unauthorized privileges, potentially compromising the integrity of the network management interface.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

News Articles

favicon imageSC Media

RCE attacks could impact most internet-exposed pfSense instances

More than 92% of internet-exposed instances of the pfSense open-source firewall and router software could be compromised to achieve remote code execution by chaining the reflective XSS vulnerabilities, tracked as CVE-2023-42325 and CVE-2023-42327, as well as the command injection bug, tracked as CVE...

References

https://docs.netgate.com/downloads/pfSense-SA-23_08.webgu...
https://www.sonarsource.com/blog/pfsense-vulnerabilities-...

EPSS Score

48% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • πŸ“°

    First article discovered by SC Media

  • Vulnerability published

  • Vulnerability Reserved

JSON
.