virus logo Intrusion Prevention

ESF.pfSense.Graph.PHP.Command.Injection

description-logoDescription

This indicates an attack attempt against a remote Command Execution vulnerability in ESF pfSense.
The vulnerability is due to an improper validation of graph HTTP parameter by status_rrd_graph_img.php. A remote attacker can exploit this to execute arbitrary commands via a crafted HTTP request.

affected-products-logoAffected Products

Electric Sheep Fencing pfSense prior to 2.3

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary commands with root privileges.

recomended-action-logoRecommended Actions

Upgrade to the latest version, available from the website.
https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

39709
ID 42371
Created May 11, 2016
Updated Nov 15, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS All
Affected App PHP_app