Adrian Johnson
TLDR:
pfSense, a widely used open-source firewall software, has been found to be vulnerable to remote code execution attacks, particularly for installations using the pfBlockerNG package. The vulnerability, tracked as CVE-2022-31814, was identified during a routine security audit. Researchers discovered that the system was vulnerable to RCE due to discrepancies in Python and PHP versions. By adapting the exploit script to work with Python 2 and adjusting the PHP code, researchers successfully executed commands on the target server. Staying updated on security patches and community advisories is crucial for pfSense users to mitigate potential vulnerabilities.
A popular open-source firewall software pfSense vulnerability has been identified, allowing for remote code execution (RCE) attacks. The vulnerability, tracked as CVE-2022-31814, highlights potential risks in pfSense installations, particularly those using the pfBlockerNG package.
According to a laburity report, the vulnerability was uncovered during a routine security audit of a pfSense application. Initial exploit attempts failed due to discrepancies in Python and PHP versions. Researchers successfully executed commands on the target server by adapting the exploit to work with Python 2 and adjusting the PHP code.
This incident underscores the importance of understanding specific configurations and environments when conducting penetration tests and the need for flexibility and adaptability in security testing methodologies. Regular audits and staying updated on security patches are crucial for pfSense users to mitigate potential vulnerabilities.
