CVE-2023-42326

HIGH

Netgate Pfsense < 2.7.0 - Command Injection

Title source: rule

Description

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.

Exploits (1)

nomisec WORKING POC 3 stars

by bl4ckarch · poc

https://github.com/bl4ckarch/CVE-2023-42326

View Code ZIP pw:eip

References (2)

[Various Sources] https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/

[Vendor Advisory] https://docs.netgate.com/downloads/pfSense-SA-23_10.webgui.asc

Scores

CVSS v3 8.8

EPSS 0.8480

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (2)

netgate/pfsense < 2.7.0

netgate/pfsense_plus < 23.05.1

Published Nov 14, 2023

Tracked Since Feb 18, 2026