The open-source Netgate pfSense firewall solution has been found to have multiple security vulnerabilities [6], which could potentially allow attackers to execute arbitrary commands on vulnerable devices [6]. These vulnerabilities are particularly concerning because pfSense processes run as root, so any system command executed through them runs with root-level access.

Description

The Netgate pfSense firewall solution contains two reflected cross-site scripting (XSS) bugs and one command injection flaw. These vulnerabilities were discovered by Sonar and can be exploited by tricking an authenticated pfSense user into clicking on a specially crafted URL [1]. The impacted versions include pfSense CE 2.7.0 and below, as well as pfSense Plus 23.05.1 and below [1] [2] [3] [4] [5] [6] [7].

To address these vulnerabilities [1] [6] [7], the pfSense team has released pfSense CE 2.7.1 and pfSense Plus 23.09 [5]. It is crucial for network administrators and cybersecurity professionals to regularly update their software and actively manage vulnerabilities to ensure network security.
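The version boundaries above can be turned into a fleet check. The following Python sketch is an added example, not code from Netgate or Sonar; the inventory format, host names and function names are assumptions made for illustration, and only the version thresholds come from this article.

```python
import re

# Thresholds as stated in this article: last affected and first fixed release.
LAST_AFFECTED = {"CE": (2, 7, 0), "Plus": (23, 5, 1)}
FIRST_FIXED = {"CE": (2, 7, 1), "Plus": (23, 9, 0)}

# Accepts "2.7.0", "23.09" or "2.7.0-RELEASE"; anything else is rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-_+ ].*)?$")


def parse_version(text):
    """Return (major, minor, patch); a missing patch level counts as 0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def assess(edition, version):
    """Classify one device as 'vulnerable', 'patched' or 'unknown'."""
    try:
        current = parse_version(version)
        last_bad, first_good = LAST_AFFECTED[edition], FIRST_FIXED[edition]
    except (ValueError, KeyError):
        return "unknown"  # unparseable version or unlisted edition
    if current <= last_bad:
        return "vulnerable"
    # Releases between the two thresholds are not covered by the article.
    return "patched" if current >= first_good else "unknown"


def triage(inventory):
    """Return (name, status) pairs ordered vulnerable, unknown, patched."""
    rank = {"vulnerable": 0, "unknown": 1, "patched": 2}
    rows = [(d["name"], assess(d["edition"], d["version"])) for d in inventory]
    return sorted(rows, key=lambda row: (rank[row[1]], row[0]))


# Constructed inventory: host names and version strings are sample data.
SAMPLE_INVENTORY = [
    {"name": "fw-branch-01", "edition": "CE", "version": "2.7.0-RELEASE"},
    {"name": "fw-branch-02", "edition": "CE", "version": "2.7.1-RELEASE"},
    {"name": "fw-core-01", "edition": "Plus", "version": "23.05.1-RELEASE"},
    {"name": "fw-core-02", "edition": "Plus", "version": "23.09-RELEASE"},
    {"name": "fw-lab-01", "edition": "CE", "version": "custom-build"},
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY):
        print(f"{name:14} {status}")
```

Devices reported as "unknown" need a manual check, since their version string could not be matched against the releases named here.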

Furthermore, it has been found that the command injection bug (CVE-2023-42326) and the reflected XSS vulnerabilities (CVE-2023-42325 and CVE-2023-42327) can be chained together to compromise numerous internet-exposed instances of pfSense [5]. This poses a significant risk [5], as it could enable lateral network movement and data breaches [5].

The majority of vulnerable instances were discovered in Brazil, the United States, Russia, France, and Malaysia [5]. This highlights the global impact and widespread nature of these vulnerabilities.

Conclusion

The identified vulnerabilities in the Netgate pfSense firewall solution have serious implications for network security. It is essential for network administrators and cybersecurity professionals to stay informed and proactive in safeguarding digital assets and infrastructure. Regular software updates and vulnerability management are crucial in mitigating the risks associated with these vulnerabilities. The global distribution of vulnerable instances emphasizes the need for a coordinated effort to address and mitigate these security issues.

References

[1] https://flyytech.com/2023/12/17/new-security-vulnerabilities-uncovered-in-pfsense-firewall-software/
[2] https://mrhacker.co/vulnerabilities/new-security-vulnerabilities-uncovered-in-pfsense-firewall-software-patch-now
[3] https://owasp.or.id/2023/12/15/new-security-vulnerabilities-uncovered-in-pfsense-firewall-software/
[4] https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html
[5] https://virtualattacks.com/your-pfsense-firewall-software-is-vulnerable-to-rce-attacks-patch-now/
[6] https://xpresshack.com/hackers-exploit-new-security-flaws-in-pfsense-firewall-software-update-immediately/
[7] https://securityaffairs.com/155905/security/pfsense-firewall-flaws.html