PT-2022-9194 · Unknown · Pfsense Plus+1

Yutaka Watanabe

Published

2022-03-31

Updated

2022-04-08

CVE-2021-20729

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions pfSense CE versions 2.5.2 and earlier pfSense Plus versions 21.05 and earlier

Description A cross-site scripting issue allows a remote attacker to inject an arbitrary script via a malicious URL. This enables the attacker to execute unauthorized actions on the affected system.

Recommendations For pfSense CE versions 2.5.2 and earlier, update to a version later than 2.5.2 to resolve the issue. For pfSense Plus versions 21.05 and earlier, update to a version later than 21.05 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable URLs to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-20729

Affected Products

Pfsense Ce

Pfsense Plus

PT-2022-9194 · Unknown · Pfsense Plus+1

CVE-2021-20729

Weakness Enumeration

Related Identifiers

Affected Products

References · 6