|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-06-01 | |
| Rule Name: | Electric Sheep Fencing pfSense 2.2.6 Command Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Electric Sheep Fencing pfSense is an open-source firewall and router operating system based on FreeBSD, providing a wide range of features and flexibility, suitable for various scale network environments. There is a command injection vulnerability in version 2.2.6 due to status_ Rrd_ Graph_ Img. PHP is unable to correctly validate graphic parameters, certain characters can escape filters, and allows for the construction and execution of shell commands. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Linux | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |