CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-4689

Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.6%

CVSS Severity

CVSS v2 Score 5.0

References

https://pfsense.org/security/advisories/pfSense-SA-14_11.webgui.asc
https://pfsense.org/security/advisories/pfSense-SA-14_11.webgui.asc

Products affected by CVE-2014-4689

Netgate » Pfsense » Version: 2.0

cpe:2.3:a:netgate:pfsense:2.0
Netgate » Pfsense » Version: 2.0.1

cpe:2.3:a:netgate:pfsense:2.0.1
Netgate » Pfsense » Version: 2.0.2

cpe:2.3:a:netgate:pfsense:2.0.2
Netgate » Pfsense » Version: 2.0.3

cpe:2.3:a:netgate:pfsense:2.0.3
Netgate » Pfsense » Version: 2.1.0

cpe:2.3:a:netgate:pfsense:2.1.0
Netgate » Pfsense » Version: 2.1.1

cpe:2.3:a:netgate:pfsense:2.1.1
Netgate » Pfsense » Version: 2.1.2

cpe:2.3:a:netgate:pfsense:2.1.2
Netgate » Pfsense » Version: 2.1.3

cpe:2.3:a:netgate:pfsense:2.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-4689

Products

Pricing

Contact Us