CVE-2018-4020
Last modified
CVE-2018-4020 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. EPSS estimates a 48.72% chance of exploitation in the next 30 days.
Description
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_ac_mode` POST parameter parameter.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netgate | Pfsense | 2.4.4 |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0690Exploit, Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0690Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-4020?
How severe is CVE-2018-4020?
How do I fix CVE-2018-4020?
Are you affected by CVE-2018-4020?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST