pfSense DHCP Script Injection Vulnerability

  • Type: pfSense – DHCP Script Injection Vulnerability
  • Severity: High
  • Affected products: pfSense Open Source Firewall
  • Date: 2008-07-28
  • CVE Reference: N/A

pfSense is a free, open source, customized distribution of FreeBSD tailored for use as a firewall and router. Research conducted to produce the paper "Behind Enemy Lines" found that the administrative web interface of pfSense firewall 1.0.1 is vulnerable to a DHCP script injection attack. An attack could be crafted to execute commands on the target system with root privileges through the exec.php script provided by the administrative web interface. To resolve this vulnerability, it is recommended that the software be upgraded to the latest available version.