IHTeam undertook an independent security assessment of pfSense's pfBlockerNG plugin version 2.1.4_26 and identified an RCE vulnerability.
Vulnerability
- Unauthenticated Remote Command Execution as root (CVE-2022-31814)
IHTeam identified a remote command execution vulnerability in pfBlockerNG <= 2.1.4_26 that can be exploited from an unauthenticated perspective.
Because the web server runs as the root user, the impact of this vulnerability is critical, with a CVSS 3.0 score of 9.8.
Exploit