Vulnerabilities > Netgate > Pfsense Plus

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2023-12-06 CVE-2023-48123 Unspecified vulnerability in Netgate Pfsense and Pfsense Plus
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.
network
low complexity
netgate
8.8
2023-11-14 CVE-2023-42326 Command Injection vulnerability in Netgate Pfsense and Pfsense Plus
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
network
low complexity
netgate CWE-77
8.8
2022-03-31 CVE-2021-20729 Cross-site Scripting vulnerability in multiple products
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
4.3
2022-03-31 CVE-2022-24299 Improper Input Validation vulnerability in Netgate Pfsense and Pfsense Plus
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.
network
low complexity
netgate CWE-20
6.5
2022-03-31 CVE-2022-26019 Path Traversal vulnerability in Netgate Pfsense and Pfsense Plus
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
network
low complexity
netgate CWE-22
8.8