CVE-2018-16055

Name of the Vulnerable Software and Affected Versions pfSense versions prior to 2.4.4

Description The issue arises from an authenticated command injection vulnerability in the status interfaces.php file, specifically through the dhcp relinquish lease() function. This function passes user input from the ifdescr and ipv variables in the $ POST parameters to a shell without properly escaping the contents. As a result, an authenticated WebGUI user with sufficient privileges can execute commands as the root user by submitting a request to relinquish a DHCP lease for an interface configured to obtain its address via DHCP.

Recommendations For versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the status interfaces.php page and the dhcp relinquish lease() function to minimize the risk of exploitation. Avoid using the ifdescr and ipv variables in the affected API endpoint until the issue is resolved.