Vulnerability Name: | CCN-135316
Published: | 2017-11-22
Updated: | 2017-11-22
Summary: | pfSense allows a remote attacker to hijack a victim's clicking actions because of a flaw in the WebGUI. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's clicking actions.
CVSS v3 Severity: | 4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
| 4.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C)
CVSS v2 Severity: | 4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Vulnerability Consequences: | Gain Access
References: | Source: CCN Type: Full-Disclosure Mailing List, Wed, 22 Nov 2017 18:38:38 +0100 bugtraq () securityfocus com
| Source: XF Type: UNKNOWN pfsense-webgui-clickjacking(135316)
| Source: CCN Type: Packet Storm Security [12-13-2017] pfSense 2.4.1 CSRF Error Page Clickjacking
| Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [12-14-2017]
| Source: CCN Type: pfSense Web site pfSense® - World's Most Trusted Open Source Firewall
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable