Securing Networks: Addressing pfSense Vulnerabilities
In recent findings by Sonar, critical security vulnerabilities have emerged within the widely-used open-source Netgate pfSense firewall solution, potentially exposing susceptible appliances to unauthorized command execution. These pfSense vulnerabilities, comprising two reflected cross-site scripting (XSS) bugs and one command injection flaw, pose a serious threat to the security of local networks.
The pfSense Vulnerabilities
Security researcher Oskar Zeino-Mahmalat emphasized the significance of addressing vulnerabilities within local networks, where a false sense of security often prevails due to the reliance on firewalls for protection against remote attacks. The discovered firewall software vulnerabilities in pfSense, affecting versions CE 2.7.0 and below, as well as pfSense Plus 23.05.1 and below, underscore the need for immediate attention.
Vulnerability Overview
Given below are the three vulnerabilities that were discovered:
- CVE-2023-42325 (CVSS score: 5.4) – Status Logs XSS Vulnerability – An XSS vulnerability in status_logs_filter_dynamic.php enables a remote attacker to gain privileges through a specially crafted URL, potentially leading to unauthorized access.
- CVE-2023-42327 (CVSS score: 5.4) – Service Providers XSS Vulnerability – The getserviceproviders.php page is susceptible to an XSS vulnerability, allowing a remote attacker to gain privileges by exploiting a crafted URL, posing a risk of unauthorized actions.
- CVE-2023-42326 (CVSS score: 8.8) – Interfaces Code Execution Flaw – A lack of validation in interfaces_gif_edit.php and interfaces_gre_edit.php components opens the door for a remote attacker to execute arbitrary code, presenting a critical risk to system security.
These pfSense security issues can be weaponized by tricking an authenticated pfSense user, typically an administrator, into clicking on a specifically crafted URL. This URL, containing an XSS payload, triggers command injection, allowing attackers to compromise the firewall’s integrity.
Reflected XSS Attacks
Reflected XSS attacks, also known as non-persistent attacks, occur when an attacker injects a malicious script into a vulnerable web application. The script is then returned in the HTTP response and executed on the victim’s web browser. In the case of network security flaws in pfSense, this type of attack enables threat actors to perform actions within the firewall using the victim’s permissions.
Cybersecurity Risks with pfSense
Given that the pfSense process runs with root privileges to modify networking settings, successful exploitation of these vulnerabilities grants attackers the ability to execute arbitrary system commands as root. This underscores the severity of the threat, as unauthorized access at this level poses a significant risk to the overall security of the network.
Mitigation and Resolution
Following a responsible disclosure on July 3, 2023, the identified critical vulnerabilities in pfSense have been promptly addressed in pfSense CE 2.7.1 and pfSense Plus 23.09, released last month. Network administrators and users are strongly advised to update their pfSense installations to the latest versions and follow the best practices for pfSense security to mitigate the risks posed by these vulnerabilities.
Lessons from Recent Incidents
The revelation of these open-source firewall vulnerabilities follows closely on the heels of Sonar’s disclosure of a remote code execution flaw in Microsoft Visual Studio Code’s built-in integration of npm (CVE-2023-36742, CVSS score: 7.8). Microsoft promptly addressed this issue as part of its Patch Tuesday updates for September 2023, highlighting the ongoing importance of vigilance and proactive security measures in the face of evolving threats.
Conclusion
In an era where digital threats continue to evolve, it is crucial for organizations to stay proactive in identifying and addressing vulnerabilities within their network infrastructure. The pfSense exploit risks serve as a reminder that even trusted firewall solutions can be susceptible to exploitation. By staying informed, timely patching pfSense vulnerabilities, promptly applying pfSense software updates, and following best practices in cybersecurity, organizations can fortify defenses and ensure the resilience of their networks against potential threats.
The sources for this piece include articles in The Hacker News and Security Affairs.