Monday, 24 December 2018

Popular Open Source Firewall / Router OS Netgate pfSense Can Be Hacked Remotely



Source: Cisco Talos Intelligence

pfSense is an open source firewall/router software distribution based on FreeBSD and developed by Netgate. Brandon Stultz, a researcher with Cisco's Talos Intelligence group, discovered a remote command injection vulnerability in the pfSense software.

pfSense is popular because it can be installed on a physical computer or a virtual machine (VMware, etc.), or deployed in a cloud such as AWS or Azure, to make a dedicated firewall/router for a network. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.

Because it is open source and highly user friendly, more than 1,000,000 organizations such as businesses, governments and higher educational institutions use Netgate pfSense software.

What is the Netgate pfSense RCE vulnerability?

The vulnerability is in a PHP file named system_advanced_misc.php, which is used by the administration web interface of Netgate pfSense CE 2.4.4-RELEASE.
Three exploitable command injection vulnerabilities exist in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface in order to abuse these vulnerabilities.
When processing requests to /system_advanced_misc.php, the firewall does not properly sanitize three POST parameters: powerd_normal_mode, powerd_ac_mode and powerd_battery_mode. Command injection is therefore possible through each of these POST parameters.
  • CVE-2018-4019 - powerd_normal_mode POST parameter
  • CVE-2018-4020 - powerd_ac_mode POST parameter
  • CVE-2018-4021 - powerd_battery_mode POST parameter
CVE numbers: CVE-2018-4019, CVE-2018-4020, CVE-2018-4021
CVSSv3 score: 7.2 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
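
The check that is missing for the three parameters can be written as an allow-list, shown here as an added example that is not pfSense's own code or patch. The helper name `build_powerd_args`, the two constants and the sample request are hypothetical; the mode names and the `-a`/`-b`/`-n` flags are those documented in FreeBSD's powerd(8), not taken from this page.

```php
<?php
declare(strict_types=1);

// Mode names powerd(8) accepts, with their abbreviations (assumed allow-list).
const POWERD_MODES = ['maximum', 'max', 'minimum', 'min',
                      'adaptive', 'adp', 'hiadaptive', 'hadp'];

// POST field => powerd(8) flag that the field's value is passed to.
const POWERD_FIELDS = [
    'powerd_ac_mode'      => '-a',
    'powerd_battery_mode' => '-b',
    'powerd_normal_mode'  => '-n',
];

/**
 * Hypothetical helper: validate the three fields against the allow-list.
 * Returns [argument string, names of rejected fields]. The caller must not
 * run any command when the second element is non-empty.
 */
function build_powerd_args(array $post): array
{
    $args = [];
    $rejected = [];
    foreach (POWERD_FIELDS as $field => $flag) {
        $value = $post[$field] ?? null;
        // Strict comparison: only exact, known mode strings pass.
        if (!is_string($value) || !in_array($value, POWERD_MODES, true)) {
            $rejected[] = $field;
            continue;
        }
        // Quote anyway, so a later change to the list cannot reopen the hole.
        $args[] = $flag . ' ' . escapeshellarg($value);
    }
    return [implode(' ', $args), $rejected];
}

// Constructed sample request: two valid values, one carrying a shell metacharacter.
$post = [
    'powerd_ac_mode'      => 'hadp',
    'powerd_battery_mode' => 'adp',
    'powerd_normal_mode'  => 'hadp; echo constructed',
];

[$args, $rejected] = build_powerd_args($post);
if ($rejected !== []) {
    echo 'rejected fields: ' . implode(', ', $rejected) . "\n";
} else {
    echo "/usr/sbin/powerd {$args}\n";
}
```

Rejecting the whole request when any field fails, rather than stripping characters from it, keeps the value that reaches the shell limited to strings the application itself defined.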
Brandon reported this vulnerability to the vendor on 2018-10-23 and it was publicly disclosed on 2018-12-03; however, it is still unclear whether pfSense has patched this vulnerability.

