CVE-2021-41282

Published: 01/03/2022 Updated: 12/07/2022
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 940
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.
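The summary's point is that shell-argument quoting and sed-program safety are separate problems. The following sketch is an added example, not pfSense's code: the function names, the `ROUTE_FILTER` variable, the allowlist and the sample routing table are all assumptions made for illustration. It shows a filter value spliced into a sed script beside a form that passes the value as data.

```shell
#!/bin/sh
# Constructed sample of FreeBSD-style `netstat -rn` output (not captured data).
sample_routes() {
    printf '%s\n' \
        'Routing tables' \
        '' \
        'Internet:' \
        'Destination        Gateway            Flags     Netif Expire' \
        'default            203.0.113.1        UGS         em0' \
        '10.0.0.0/8         192.168.1.254      UGS         em1' \
        '192.168.1.0/24     link#2             U           em1'
}

# Hypothetical unsafe pattern: the quoting keeps $1 a single shell argument
# (what escapeshellarg achieves), but sed still parses it as program text.
filter_routes_unsafe() {
    sed -e "5,\$ { /$1/!d; }"
}

# Allowlist for the filter value: characters found in addresses, CIDR
# prefixes and interface names only (assumed policy, adjust as needed).
valid_route_filter() {
    case $1 in
        *[!0-9A-Za-z.:/%_-]*) return 1 ;;
    esac
    return 0
}

# Hardened form: the value reaches awk through the environment, so it is
# compared as a literal substring and never parsed as awk or sed code.
filter_routes_safe() {
    valid_route_filter "$1" || return 2
    ROUTE_FILTER="$1" awk '
        BEGIN { f = ENVIRON["ROUTE_FILTER"] }
        NR <= 4 || f == "" || index($0, f) > 0
    '
}

# A legitimate CIDR filter works here; the unsafe variant rejects the same
# value with a sed syntax error because "/" ends the address early.
sample_routes | filter_routes_safe '10.0.0.0/8'
```

Even an ordinary value such as a CIDR prefix changes how the unsafe variant's sed script is parsed, which is the signal that user input is being treated as code rather than data.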

Vulnerable Product

pfsense pfsense 2.5.2

Exploits

This Metasploit module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface (CVE-2021-41282). The vulnerability affects versions 2.5.2 and below and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module uses the vulnerability to create a web shell and exec ...
This module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface (CVE-2021-41282). The vulnerability affects versions <= 2.5.2 and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module uses the vulnerability to c ...

Metasploit Modules

pfSense Diag Routes Web Shell Upload

This module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface (CVE-2021-41282). The vulnerability affects versions <= 2.5.2 and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module uses the vulnerability to create a web shell and execute payloads with root privileges.

msf > use exploit/unix/http/pfsense_diag_routes_webshell
msf exploit(pfsense_diag_routes_webshell) > show targets
    ...targets...
msf exploit(pfsense_diag_routes_webshell) > set TARGET <target-id>
msf exploit(pfsense_diag_routes_webshell) > show options
    ...show and set options...
msf exploit(pfsense_diag_routes_webshell) > exploit

Github Repositories

pfSense RCE Tool for CVE-2021-41282. A tool for CTFs or Penetration Tests that can be used to help exploit CVE-2021-41282 on pfSense routers running version <= 2.5.2. Payload based on the PoC published by Shielder. Known issues: When sending a command to the pfSense router, the return key has to be pressed twice to get the output. This may get fixed later on. If anyone k