PT-2023-11591 · Unknown+1 · Acme Package+1
Published: 2023-04-04 · Updated: 2023-04-10
CVE-2020-21487
CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
pfSense version 2.4.4
ACME package version 0.6.3
Description
A Cross Site Scripting issue allows attackers to execute arbitrary code via the RootFolder field of "acme certificates.php".
Recommendations
For pfSense version 2.4.4, update the ACME package to a version that fixes this issue.
For ACME package version 0.6.3, avoid using the RootFolder field in "acme certificates.php" until the issue is resolved.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Acme Package
pfSense