Over 1,450 pfSense servers exposed to RCE attacks via bug chain

Over 1,450 pfSense servers exposed to RCE attacks via bug chain

December 12, 2023 at 09:57AM

Around 1,450 pfSense instances online are vulnerable to command injection and cross-site scripting flaws, potentially allowing remote code execution. SonarCloud’s researchers discovered these flaws in mid-November, affecting older versions of pfSense. Netgate released security updates in November, but as of now, the majority of instances remain vulnerable, posing a significant risk.

From the meeting notes, it’s clear that approximately 1,450 pfSense instances remain vulnerable to command injection and cross-site scripting flaws that, if exploited together, could lead to remote code execution on the appliance. The vulnerabilities impact both pfSense Community Edition 2.7.0 and older, as well as pfSense Plus 23.05.01 and older.

The CVEs tracked for these flaws are CVE-2023-42325 (XSS), CVE-2023-42327 (XSS), and CVE-2023-42326 (command injection). The command injection flaw is particularly severe, with a CVSS score of 8.8, allowing attackers to execute commands with root privileges if they have interface editing permissions and are able to chain the vulnerabilities.

Netgate, the vendor of pfSense, has released security updates to address these flaws (pfSense Plus 23.09 and pfSense CE 2.7.1), but despite this, nearly 1,500 pfSense instances are still vulnerable to attacks. This leaves a significant attack surface and poses a danger, especially for large enterprises using this software.

It’s important to take immediate action to ensure that the security updates are applied to mitigate the risk of exploitation and potential compromise of sensitive internal resources.

These findings from the meeting notes highlight the urgency for organizations using pfSense to prioritize patching and updating their systems to prevent potential data breaches and unauthorized access to their networks.

Full Article