8.8

CVE-2017-1000479

Exploit
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgatePfsense Version <= 2.4.1
Opnsense ProjectOpnsense Version < 16.1.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 32.77% 0.981
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://www.openwall.com/lists/oss-security/2017/11/22/7
Third Party Advisory
Exploit
Mailing List
https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes
Vendor Advisory
Issue Tracking
https://github.com/opnsense/core/commit/d218b225
Patch
Third Party Advisory
https://github.com/pfsense/pfsense/commit/386d89b07
Patch
Third Party Advisory
https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html
Third Party Advisory
https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html
Third Party Advisory
Exploit