A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/173487/pfSense-Restore-RRD-Data-Command-Injection.html | |
https://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94 | Patch |
https://redmine.pfsense.org/issues/13935 | Issue Tracking Patch Vendor Advisory |
Configurations
History
13 Jul 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Mar 2023, 14:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-91 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94 - Patch | |
References | (MISC) https://redmine.pfsense.org/issues/13935 - Issue Tracking, Patch, Vendor Advisory | |
CPE | cpe:2.3:a:netgate:pfsense:2.7.0:*:*:*:*:*:*:* |
17 Mar 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-17 22:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-27253
Mitre link : CVE-2023-27253
CVE.ORG link : CVE-2023-27253
JSON object : View
Products Affected
netgate
- pfsense
CWE
CWE-91
XML Injection (aka Blind XPath Injection)