Hackers Exploit New Security Flaws in pfSense Firewall

Software - Update Immediately

Understanding the Latest Security Vulnerabilities in pfSense

The open-source Netgate pfSense firewall solution, a popular tool for

network security, has been found to contain multiple security
vulnerabilities. These flaws, if exploited, could allow attackers to execute
arbitrary commands on vulnerable devices.

Identifying the Flaws in pfSense Recent findings from Sonar have

revealed two key types of vulnerabilities in pfSense:

 Reflected Cross-Site Scripting (XSS) Bugs

 Command Injection Flaw

These vulnerabilities impact pfSense CE 2.7.0 and below, and pfSense Plus
23.05.1 and below. Security researcher Oskar Zeino-Mahmalat highlights
the risks posed by these vulnerabilities, especially within local networks
where security may be more relaxed.

Details of the Discovered Vulnerabilities The specific vulnerabilities

discovered in pfSense include:

 CVE-2023-42325 (CVSS score: 5.4) - An XSS vulnerability that allows a remote attacker to gain
privileges via a crafted url to the status_logs_filter_dynamic.php page.
 CVE-2023-42327 (CVSS score: 5.4) - An XSS vulnerability that allows a remote attacker to gain
privileges via a crafted URL to the getserviceproviders.php page.
  CVE-2023-42326 (CVSS score: 8.8) - A lack of validation that allows a remote attacker to
execute arbitrary code via a crafted request to the interfaces_gif_edit.php and
interfaces_gre_edit.php components.

Reflected XSS attacks, also called non-persistent attacks, occur when an attacker delivers a
malicious script to a vulnerable web application, which is then returned in the HTTP response
and executed on the victim's web browser.

Mechanics of the Attacks Reflected XSS attacks, also known as

non-persistent attacks, involve delivering a malicious script to a
vulnerable web application. The application then returns this
script in the HTTP response, which is executed in the victim's web
browser. In pfSense's case, attackers could manipulate these
vulnerabilities by tricking an authenticated user into clicking a
URL containing an XSS payload, leading to command injection.

Potential Impacts and Risks These vulnerabilities could be

used by attackers to spy on traffic or attack services within the
local network. The severity is heightened by the fact that pfSense
processes run as root, allowing executed system commands to
have root-level access.

Response and Remediation Following a responsible disclosure

on July 3, 2023, the pfSense team addressed these issues in the
releases of pfSense CE 2.7.1 and pfSense Plus 23.09. This
proactive response underscores the importance of regular
software updates and vulnerability management in maintaining
network security.

Broader Context: Recent Trends in Software Security The

discovery in pfSense comes on the heels of other significant
security findings, such as the remote code execution flaw in
Microsoft Visual Studio Code's npm integration (CVE-2023-36742,
CVSS score: 7.8). These trends highlight the ongoing challenges in
software security and the need for continuous vigilance by
developers, administrators, and users.

Conclusion: Navigating the Evolving Landscape of

Cybersecurity The vulnerabilities found in pfSense serve as a
reminder of the complexities in securing network infrastructure.
With the landscape of cyber threats continually evolving, staying
informed and proactive is crucial for network administrators and
cybersecurity professionals. Regular updates, awareness of
emerging threats, and adherence to best security practices
remain key in safeguarding digital assets and infrastructure.