An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP.
References
Link | Resource |
---|---|
https://doddsecurity.com/190/command-injection-on-pfsense-firewalls/ | Third Party Advisory |
https://www.pfsense.org/security/advisories/pfSense-SA-18_08.webgui.asc | Mitigation Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-09-26 22:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-16055
Mitre link : CVE-2018-16055
CVE.ORG link : CVE-2018-16055
JSON object : View
Products Affected
netgate
- pfsense
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')