Vulnerability Details CVE-2022-26019
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 8.5
References
Products affected by CVE-2022-26019
-
cpe:2.3:a:netgate:pfsense:2.0
-
cpe:2.3:a:netgate:pfsense:2.0.1
-
cpe:2.3:a:netgate:pfsense:2.0.2
-
cpe:2.3:a:netgate:pfsense:2.0.3
-
cpe:2.3:a:netgate:pfsense:2.1.0
-
cpe:2.3:a:netgate:pfsense:2.1.1
-
cpe:2.3:a:netgate:pfsense:2.1.2
-
cpe:2.3:a:netgate:pfsense:2.1.3
-
cpe:2.3:a:netgate:pfsense:2.1.4
-
cpe:2.3:a:netgate:pfsense:2.1.5
-
cpe:2.3:a:netgate:pfsense:2.2
-
cpe:2.3:a:netgate:pfsense:2.2.1
-
cpe:2.3:a:netgate:pfsense:2.2.2
-
cpe:2.3:a:netgate:pfsense:2.2.3
-
cpe:2.3:a:netgate:pfsense:2.2.4
-
cpe:2.3:a:netgate:pfsense:2.2.5
-
cpe:2.3:a:netgate:pfsense:2.2.6
-
cpe:2.3:a:netgate:pfsense:2.3
-
cpe:2.3:a:netgate:pfsense:2.3.1
-
cpe:2.3:a:netgate:pfsense:2.3.2
-
cpe:2.3:a:netgate:pfsense:2.3.3
-
cpe:2.3:a:netgate:pfsense:2.3.4
-
cpe:2.3:a:netgate:pfsense:2.3.5
-
cpe:2.3:a:netgate:pfsense:2.4
-
cpe:2.3:a:netgate:pfsense:2.4.1
-
cpe:2.3:a:netgate:pfsense:2.4.2
-
cpe:2.3:a:netgate:pfsense:2.4.3
-
cpe:2.3:a:netgate:pfsense:2.4.4
-
cpe:2.3:a:netgate:pfsense:2.4.5
-
cpe:2.3:a:netgate:pfsense:2.5.0
-
cpe:2.3:a:netgate:pfsense:2.5.2
-
cpe:2.3:a:netgate:pfsense_plus:-
-
cpe:2.3:a:netgate:pfsense_plus:21.02
-
cpe:2.3:a:netgate:pfsense_plus:21.02.2
-
cpe:2.3:a:netgate:pfsense_plus:21.05
-
cpe:2.3:a:netgate:pfsense_plus:21.05.1
-
cpe:2.3:a:netgate:pfsense_plus:21.05.2