A critical security vulnerability has been discovered in pfSense version 2.5.2, potentially allowing attackers to execute arbitrary code on affected systems.
The flaw, identified as CVE-2024-46538, is a stored cross-site scripting (XSS) vulnerability that could be exploited to achieve remote code execution (RCE).
The vulnerability stems from insufficient input validation in the interfaces_groups_edit.php file, where user-supplied data is stored in the $pconfig variable without proper sanitization.
This allows malicious actors to inject and store arbitrary JavaScript code executed when an administrator views the affected page.
Build an in-house SOC or outsource SOC-as-a-Service -> Calculate Costs
Security researchers have published a proof-of-concept (PoC) exploit demonstrating how the vulnerability can be leveraged to gain unauthorized access and execute system commands. The attack scenario involves two stages:
1. An attacker with limited privileges (WebCfg – Interfaces: Groups: Edit) injects malicious JavaScript code into the interface group’s configuration.
2. When an administrator with higher privileges views the compromised page, the stored JavaScript executes, potentially leading to remote code execution via the diag_command.php endpoint.
The published PoC by EQST Lab includes a Python script that automates the exploitation process, allowing attackers to easily craft and inject malicious payloads. This development significantly increases the risk for pfSense users still running vulnerable versions.
Netgate, the company behind pfSense, has addressed this vulnerability in subsequent releases. Users are strongly advised to upgrade to pfSense CE 2.7.1 or pfSense Plus 23.09 or later versions to mitigate the risk.
This incident highlights the importance of proper input validation and output encoding in web applications, especially for security-critical systems like firewalls.
It also underscores the need for regular security audits and prompt patching to address newly discovered vulnerabilities.
Organizations using pfSense are urged to assess their exposure, apply the necessary updates, and review their firewall configurations for any signs of compromise.
Additionally, implementing defense-in-depth strategies, such as network segmentation and least privilege access, can help minimize the potential impact of such vulnerabilities.
As the security landscape evolves, staying vigilant and maintaining up-to-date systems remains crucial for protecting against emerging threats and vulnerabilities like CVE-2024-46538.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!