Vulnerability Management, Threat Intelligence

RCE attacks could impact most internet-exposed pfSense instances

Share

More than 92% of internet-exposed instances of the pfSense open-source firewall and router software could be compromised to achieve remote code execution by chaining the reflective XSS vulnerabilities, tracked as CVE-2023-42325 and CVE-2023-42327, as well as the command injection bug, tracked as CVE-2023-42326, all of which have already been addressed by Netgate, according to BleepingComputer. Brazil, the U.S., Russia, France, and Malaysia accounted for most of the vulnerable pfSense instances, noted SonarSource researchers, who cited a Shodan scan. Attackers could leverage CVE-2023-42325 or CVE-2023-42327 to facilitate malicious JavaScript execution to hijack pfSense sessions, while the more severe CVE-2023-42326 flaw could be used to allow additional command injections for threat actors with interface editing permission access. Widespread use of pfSense software suggests a significant attack surface, which threat actors with elevated privileges could exploit to facilitate data breaches and lateral network movement.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.