Vulnerability Management, Threat Intelligence

RCE attacks could impact most internet-exposed pfSense instances

More than 92% of internet-exposed instances of the pfSense open-source firewall and router software could be compromised to achieve remote code execution by chaining the reflected XSS vulnerabilities, tracked as CVE-2023-42325 and CVE-2023-42327, with the command injection bug, tracked as CVE-2023-42326, according to BleepingComputer. Netgate has already addressed all three flaws. Brazil, the U.S., Russia, France, and Malaysia accounted for most of the vulnerable pfSense instances, noted SonarSource researchers, who cited a Shodan scan. Attackers could leverage CVE-2023-42325 or CVE-2023-42327 to execute malicious JavaScript and hijack pfSense sessions, while the more severe CVE-2023-42326 flaw could allow additional command injection by threat actors with interface editing permissions. Widespread use of pfSense software suggests a significant attack surface, which threat actors with elevated privileges could exploit to facilitate data breaches and lateral network movement.
