pfSense pfBlocker-NG - Remote Code Execution (CVE-2022-31814)
- Severity
- CVSSv3 Score: 9.8
- Exploitable with Sniper: Yes
- Vulnerability description
pfSense is affected by a Remote Code Execution vulnerability in the /pfblockerng/www/index.php endpoint. The root cause is insufficient sanitization of the Host header, which allows an unauthenticated attacker to execute arbitrary code on the server through payloads sent in that header.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Risk description
A remote unauthenticated attacker can fully compromise the pfSense server in order to steal confidential information, install ransomware or pivot to the internal network.
- Recommendation
Upgrade the pfBlocker-NG package to the latest version or to a version greater than 2.1.4_26.
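As a detection aid alongside the upgrade, the following added example (not part of the original advisory or of pfBlocker-NG) flags logged requests to the affected endpoint whose Host header is not a syntactically valid host[:port]. The log format, function names and sample lines are assumptions constructed for illustration; the web server must be configured to record the Host header for this to apply.

```python
import re

# Assumption: the web server logs the Host header in this constructed format:
#   client "METHOD path" status host="<Host header>"
LOG_RE = re.compile(
    r'^(?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) host="(?P<host>.*)"$'
)
ENDPOINT = "/pfblockerng/www/index.php"  # endpoint named in the advisory

# Allow-list: DNS name, IPv4 address or bracketed IPv6 literal, optional :port.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(
    rf"(?:{LABEL}(?:\.{LABEL})*|\[[0-9A-Fa-f:.]+\])(?::(?P<port>\d{{1,5}}))?"
)

def is_valid_host(value):
    """Return True only if value is syntactically a host[:port]."""
    m = HOST_RE.fullmatch(value) if len(value) <= 255 else None
    if m is None:
        return False
    port = m.group("port")
    return port is None or int(port) <= 65535

def find_suspicious(lines):
    """Return (line_no, client, host) for endpoint requests with a bad Host."""
    hits = []
    for no, line in enumerate(lines, start=1):
        m = LOG_RE.match(line.rstrip("\n"))
        if m is None or m.group("path").split("?", 1)[0] != ENDPOINT:
            continue
        if not is_valid_host(m.group("host")):
            hits.append((no, m.group("client"), m.group("host")))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 "GET /pfblockerng/www/index.php" 200 host="fw.example.test"',
    '192.0.2.10 "GET /pfblockerng/www/index.php?x=1" 200 host="198.51.100.1:8443"',
    '203.0.113.7 "GET /pfblockerng/www/index.php" 200 host="fw.example.test not;a$hostname"',
    '203.0.113.7 "GET /index.php" 200 host="also not a hostname"',
    '192.0.2.11 "GET /pfblockerng/www/index.php" 200 host="[2001:db8::1]:443"',
]

if __name__ == "__main__":
    for no, client, host in find_suspicious(SAMPLE_LOG):
        print(f"line {no}: {client} sent non-hostname Host header {host!r}")
```

A hit means the request carried a Host value that no legitimate client would send to this endpoint and warrants review of the host and its pfBlocker-NG package version.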
- References
https://nvd.nist.gov/vuln/detail/CVE-2022-31814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31814
- Detectable with: Network Scanner
- Vuln date: May 2021
- Published at
- Updated at
- Software Type: Firewall
- Vendor: Rubicon Communications
- Product: pfBlocker-NG Package
- Codename: Not available