PT-2015-7274 · Netgate · Pfsense

Ghost +1 · Published 2015-08-18 · Updated 2019-05-30 · CVE-2015-6510

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

pfSense versions prior to 2.2.3

Description

The issue allows remote attackers to inject arbitrary web script or HTML via various parameters to different PHP files. The affected parameters include srctrack, use_mfs_tmp_size, use_mfs_var_size, port, snaplen, count, pppoe_resethour, pppoe_resetminute, wpa_group_rekey, wpa_gmk_rekey, member[], pkgrepourl, zone, cache_max_ttl, cache_min_ttl, sshport, id, tunable, descr, value, firmwareurl, repositoryurl, branch, pfsyncpeerip, synchronizetoip, username, passwordfld, maxmss, ntp_server1, ntp_server2, wins_server1, and wins_server2. The API endpoints affected include "system_advanced_misc.php", "diag_packet_capture.php", "interfaces.php", "interfaces_ppps_edit.php", "interfaces_qinq_edit.php", "load_balancer_pool_edit.php", "pkg_mgr_settings.php", "services_captiveportal.php", "services_dnsmasq.php", "services_unbound.php", "services_unbound_advanced.php", "system_advanced_admin.php", "system_advanced_sysctl.php", "system_firmware_settings.php", "system_hasync.php", "vpn_ipsec_settings.php", and "vpn_openvpn_csc.php".

Recommendations

For pfSense versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints and parameters until a patch is available. Avoid using the specified parameters in the affected API endpoints until the issue is resolved.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2015-6510

Affected Products

Pfsense