CVE-2021-41282
CVSS V2 High 9
CVSS V3 High 8.8
Description
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.
Overview
- CVE ID
- CVE-2021-41282
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2022-03-01T23:15:08
- Last Modified Date
- 2022-07-12T17:42:04
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:pfsense:pfsense:2.5.2:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:S/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 9
- Severity
- HIGH
- Exploitability Score
- 8
- Impact Score
- 10
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 8.8
- Base Severity
- HIGH
- Exploitability Score
- 2.8
- Impact Score
- 5.9
References
Reference URL | Reference Tags |
---|---|
https://www.shielder.it/advisories/pfsense-remote-command-execution/ | Exploit Third Party Advisory |
https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html | Release Notes Third Party Advisory |
https://www.shielder.it/advisories/ | Third Party Advisory |
http://packetstormsecurity.com/files/166208/pfSense-2.5.2-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-41282 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41282 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 15:46:49 | Added to TrackCVE | |||
2022-12-06 11:05:50 | 2022-03-01T23:15Z | 2022-03-01T23:15:08 | CVE Published Date | updated |
2022-12-06 11:05:50 | 2022-07-12T17:42:04 | CVE Modified Date | updated | |
2022-12-06 11:05:50 | Analyzed | Vulnerability Status | updated |