Vulnerability Details CVE-2023-27253
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.789
EPSS Ranking 99.0%
CVSS Severity
CVSS v3 Score 8.8
References
- http://packetstormsecurity.com/files/173487/pfSense-Restore-RRD-Data-Command-Injection.html
- https://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94
- https://redmine.pfsense.org/issues/13935
- http://packetstormsecurity.com/files/173487/pfSense-Restore-RRD-Data-Command-Injection.html
- https://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94
- https://redmine.pfsense.org/issues/13935