Vigil@nce - pfSense: privilege escalation via Web
July 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use the administration Web interface
of pfSense, in order to escalate his privileges.
Impacted products: pfSense.
Severity: 2/4.
Creation date: 26/05/2016.
DESCRIPTION OF THE VULNERABILITY
The pfSense product includes a Web based administration interface.
Some pages like "diag_smart.php" and "diag_routes.php" are usable
by privileged users. However, they allow to make the web server
run user chosen commands with the privileges of the root account.
An authenticated attacker can therefore use the administration Web
interface of pfSense, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/pfSense-privilege-escalation-via-Web-19708