CVE-2023-27253

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Netgate pfSense version 2.7.0

Description A command injection issue in the restore rrddata() function allows authenticated attackers to execute arbitrary commands by manipulating the contents of an XML file supplied to the config.xml component.

Recommendations For Netgate pfSense version 2.7.0, consider disabling the restore rrddata() function until a patch is available to prevent exploitation. Restrict access to the config.xml component to minimize the risk of command injection attacks.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-91

Related Identifiers

CVE-2023-27253

Affected Products

Pfsense

CVE-2023-27253

Weakness Enumeration

Related Identifiers

Affected Products

References · 9