CVE-2023-42326

Name of the Vulnerable Software and Affected Versions Netgate pfSense version 2.7.0

Description An issue in Netgate pfSense allows a remote attacker to execute arbitrary code via a crafted request to the interfaces gif edit.php and interfaces gre edit.php components. This is due to the lack of measures to neutralize special elements, which can be exploited by a remote attacker to execute arbitrary commands.

Recommendations For Netgate pfSense version 2.7.0, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the interfaces gif edit.php and interfaces gre edit.php components until a patch is available. Avoid using these components in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.