Remote Code Execution in pfSense

Remote Code Execution in pfSense <= 2.5.2

Remote Code Execution (RCE) in pfSense

Summary

pfSense allows authenticated users to get information about the routes set in the firewall. The information is retrieved by executing the netstat utility, and its output is then parsed via the sed utility. While the common prevention patterns for command injections (i.e. the usage of the escapeshellarg function for the arguments) are in use, …
