ClickCease Securing Networks: Addressing pfSense Vulnerabilities

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Securing Networks: Addressing pfSense Vulnerabilities

by Wajahat Raja

December 28, 2023 - TuxCare expert team

In recent findings by Sonar, critical security vulnerabilities have emerged within the widely-used open-source Netgate pfSense firewall solution, potentially exposing susceptible appliances to unauthorized command execution. These pfSense vulnerabilities, comprising two reflected cross-site scripting (XSS) bugs and one command injection flaw, pose a serious threat to the security of local networks.


The pfSense Vulnerabilities


Security researcher Oskar Zeino-Mahmalat emphasized the significance of addressing vulnerabilities within local networks, where a false sense of security often prevails due to the reliance on firewalls for protection against remote attacks. The discovered
firewall software vulnerabilities in pfSense, affecting versions CE 2.7.0 and below, as well as pfSense Plus 23.05.1 and below, underscore the need for immediate attention.


Vulnerability Overview


Given below are the
three vulnerabilities that were discovered:

 

  1. CVE-2023-42325 (CVSS score: 5.4) – Status Logs XSS Vulnerability – An XSS vulnerability in status_logs_filter_dynamic.php enables a remote attacker to gain privileges through a specially crafted URL, potentially leading to unauthorized access.
  2. CVE-2023-42327 (CVSS score: 5.4) – Service Providers XSS Vulnerability – The getserviceproviders.php page is susceptible to an XSS vulnerability, allowing a remote attacker to gain privileges by exploiting a crafted URL, posing a risk of unauthorized actions.
  3. CVE-2023-42326 (CVSS score: 8.8) – Interfaces Code Execution Flaw – A lack of validation in interfaces_gif_edit.php and interfaces_gre_edit.php components opens the door for a remote attacker to execute arbitrary code, presenting a critical risk to system security.

 

These pfSense security issues can be weaponized by tricking an authenticated pfSense user, typically an administrator, into clicking on a specifically crafted URL. This URL, containing an XSS payload, triggers command injection, allowing attackers to compromise the firewall’s integrity.


Reflected XSS Attacks


Reflected XSS attacks, also known as non-persistent attacks, occur when an attacker injects a malicious script into a vulnerable web application. The script is then returned in the HTTP response and executed on the victim’s web browser. In the case of
network security flaws in pfSense, this type of attack enables threat actors to perform actions within the firewall using the victim’s permissions.


Cybersecurity Risks with pfSense


Given that the pfSense process runs with root privileges to modify networking settings, successful exploitation of these vulnerabilities grants attackers the ability to
execute arbitrary system commands as root. This underscores the severity of the threat, as unauthorized access at this level poses a significant risk to the overall security of the network.


Mitigation and Resolution


Following a responsible disclosure on July 3, 2023, the identified
critical vulnerabilities in pfSense have been promptly addressed in pfSense CE 2.7.1 and pfSense Plus 23.09, released last month. Network administrators and users are strongly advised to update their pfSense installations to the latest versions and follow the best practices for pfSense security to mitigate the risks posed by these vulnerabilities.


Lessons from Recent Incidents


The revelation of these
open-source firewall vulnerabilities follows closely on the heels of Sonar’s disclosure of a remote code execution flaw in Microsoft Visual Studio Code’s built-in integration of npm (CVE-2023-36742, CVSS score: 7.8). Microsoft promptly addressed this issue as part of its Patch Tuesday updates for September 2023, highlighting the ongoing importance of vigilance and proactive security measures in the face of evolving threats.


Conclusion


In an era where digital threats continue to evolve, it is crucial for organizations to stay proactive in identifying and addressing vulnerabilities within their network infrastructure. The
pfSense exploit risks serve as a reminder that even trusted firewall solutions can be susceptible to exploitation. By staying informed, timely patching pfSense vulnerabilities, promptly applying pfSense software updates, and following best practices in cybersecurity, organizations can fortify defenses and ensure the resilience of their networks against potential threats.

The sources for this piece include articles in The Hacker News and Security Affairs

Summary
Securing Networks: Addressing pfSense Vulnerabilities
Article Name
Securing Networks: Addressing pfSense Vulnerabilities
Description
Discover and resolve pfSense vulnerabilities swiftly with insights on critical flaws. Upgrade to safeguard your network integrity.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Become a TuxCare Guest Writer

Mail

Help Us Understand
the Linux Landscape!

Complete our survey on the state of Open Source and you could win one of several prizes, with the top prize valued at $500!

Your expertise is needed to shape the future of Enterprise Linux!