Netgate: >> Pfsense >> 2.7.0 Security Vulnerabilities
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.
CVSS Score
8.8
EPSS Score
0.556
Published
2023-12-06
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
CVSS Score
8.8
EPSS Score
0.833
Published
2023-11-14
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.
CVSS Score
5.4
EPSS Score
0.483
Published
2023-11-14
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.
CVSS Score
5.4
EPSS Score
0.483
Published
2023-11-14
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
CVSS Score
8.8
EPSS Score
0.789
Published
2023-03-17