| Vulnerability Name: | CVE-2018-16055 (CCN-150577) | ||||||||||||
| Assigned: | 2018-08-28 | ||||||||||||
| Published: | 2018-08-28 | ||||||||||||
| Updated: | 2019-10-03 | ||||||||||||
| Summary: | An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP. | ||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-78 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-16055 Source: MISC Type: Third Party Advisory https://doddsecurity.com/190/command-injection-on-pfsense-firewalls/ Source: XF Type: UNKNOWN pfsense-cve201816055-command-exec(150577) Source: CCN Type: pfSense-SA-18_08.webgui Authenticated Arbitrary Code Execution Source: CONFIRM Type: Mitigation, Vendor Advisory https://www.pfsense.org/security/advisories/pfSense-SA-18_08.webgui.asc Source: CCN Type: WhiteSource Vulnerability Database CVE-2018-16055 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||