CVE-2019-12949
MEDIUM
pfSense 2.4.4-p2 and 2.4.4-p3 - Authenticated Remote Code Execution via XSS in diag_command.php and rrd_fetch_json.php
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-12949. PoCs published by tarantula-team.
AI-analyzed exploit summary: This repository provides a functional proof-of-concept for CVE-2019-12949, demonstrating an XSS vulnerability in pfSense 2.4.4-p2 and 2.4.4-p3 that can be chained to achieve remote code execution (RCE) via CSRF and file upload. The PoC includes detailed steps and code snippets for exploiting the vulnerability.
Description
In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. Then, the remote attacker can run any command with root privileges on that server.
Exploits (1)
This repository provides a functional proof-of-concept for CVE-2019-12949, demonstrating an XSS vulnerability in pfSense 2.4.4-p2 and 2.4.4-p3 that can be chained to achieve remote code execution (RCE) via CSRF and file upload. The PoC includes detailed steps and code snippets for exploiting the vulnerability.
References (1)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N