Security update: Attackers can push malicious code through pfSense firewall

Security update: Attackers can push malicious code through pfSense firewall

The developers of pfSense, an open source firewall with VPN function, have closed three security gaps in current versions. If attackers successfully use it, they can access the system and execute their own commands.

Rated Most Dangerous Vulnerability (CVE-2022-24299″High“) affects the webgui module. Remote, authenticated attackers can use special requests to the vpn_openvpn_server.php and vpn_openvpn_client.php pages and trigger errors due to a lack of checks. Ultimately, this allows attackers to use their own orders should be allowed to be executed.

By successfully exploiting the second vulnerability (CVE-20222-26019 “medium“), a remote attacker can overwrite files. Third vulnerability (CVE-2021-20729 “medium“) can cause the victims’ web browsers to run attacker scripts. Session cookies, for example, can leak through it.

Developers indicate versions Pfsense Plus 2.5.x, 21.05.x, 21.09, 22.01 And Pfsense CE 2.6.0 To secure against the described attacks.


(Of)

on home page

See also  Why is the validity of the monthly plan just 28 days? TRAI seeks clarification from telecom companies - Marathi News | Monthly plan validity for 28 days, why TRAI asks for clarification from telecom companies

LEAVE A REPLY

Please enter your comment!
Please enter your name here