CVE-2016-10709

HIGH

Pfsense < 2.2.6 - OS Command Injection

Title source: rule

Description

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.

Exploits (4)

exploitdb WORKING POC

by Security-Assessment.com · textwebappsphp

https://www.exploit-db.com/exploits/39709

View Code ZIP pw:eip

nomisec WORKING POC 75 stars

by wetw0rk · poc

https://github.com/wetw0rk/Exploit-Development

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Security-Assessment.com, Milton Valencia, Jared Stephens · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsense_graph_injection_exec.rb

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by s4squatch, h00die · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsense_group_member_exec.rb

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39709/

[Vendor Advisory] https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc

[Exploit, Third Party Advisory] https://www.rapid7.com/db/modules/exploit/unix/http/pfsense_graph_injection_exec

[Exploit, Third Party Advisory] https://www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdf

Scores

CVSS v3 8.8

EPSS 0.7558

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

pfsense/pfsense < 2.2.6

Published Jan 22, 2018

Tracked Since Feb 18, 2026