Security update: Attackers can push malicious code through pfSense firewall

Security update: Attackers can push malicious code through pfSense firewall

The developers of pfSense, an open source firewall with VPN function, have closed three security gaps in current versions. If attackers successfully use it, they can access the system and execute their own commands.

Rated Most Dangerous Vulnerability (CVE-2022-24299″High“) affects the webgui module. Remote, authenticated attackers can use special requests to the vpn_openvpn_server.php and vpn_openvpn_client.php pages and trigger errors due to a lack of checks. Ultimately, this allows attackers to use their own orders should be allowed to be executed.

By successfully exploiting the second vulnerability (CVE-20222-26019 “medium“), a remote attacker can overwrite files. Third vulnerability (CVE-2021-20729 “medium“) can cause the victims’ web browsers to run attacker scripts. Session cookies, for example, can leak through it.

Developers indicate versions Pfsense Plus 2.5.x, 21.05.x, 21.09, 22.01 And Pfsense CE 2.6.0 To secure against the described attacks.


(Of)

on home page

See also  The good news Apple Music now runs on PS5. GamingDose

LEAVE A REPLY

Please enter your comment!
Please enter your name here