virus logo Intrusion Prevention

ESF.pfSense.CSRF.Error.Page.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a Remote Command Injection vulnerability in pfSense.
The vulnerability is due to an error when the vulnerable system handles a maliciously crafted HTTP request. An attacker can exploit this by injecting commands onto a request to execute arbitrary commands within the context of the application.

affected-products-logoAffected Products

pfSense 2.4.1 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes
ID 45167
Created Dec 29, 2017
Updated Aug 16, 2020
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Linux, BSD
Affected App Other