This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Despite the title saying XSS, the PoCs reveal this is actually a **Command Injection** vulnerability! **Consequences**: Attackers can execute arbitrary shell commands on the firewall.…
**Root Cause**: Flawed input validation in `interfaces_gif_edit.php` and `interfaces_gre_edit.php`. **CWE**: While the CWE field is empty in the source data, the behavior matches **CWE-78 (OS Command Injection)**.…
**Affected**: pfSense CE **v2.7.0** and pfSense Plus **<= 23.05.1**. **Components**: Specifically the GIF and GRE interface editing pages (`interfaces_gif_edit.php`, `interfaces_gre_edit.php`).
Q4 What can hackers do? (Privileges/Data)
**Hacker Power**: Full **Command Injection**! **Data/Privs**: Can run any shell command, which means accessing sensitive configs, stealing keys, or pivoting to internal networks.…
**Threshold**: **High** for unauthenticated users, **Low** for authenticated users. **Auth**: The PoCs state it requires **authenticated attackers**; you need valid admin credentials to trigger this injection.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES!** **PoCs**: Multiple Python scripts are available on GitHub (e.g., `bl4ckarch/pf-pwnme`, `Farzan-Kh/CVE-2023-42326`). They support `gif`/`gre` modes and even reverse shells via Netcat.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: 1. Check your pfSense version (is it CE 2.7.0, or Plus 23.05.1 or older?). 2. Scan for the specific PHP files: `interfaces_gif_edit.php`. 3.…
**No Patch? Workaround**: 1. **Restrict Access**: Block access to `interfaces_gif_edit.php` and `interfaces_gre_edit.php` via firewall rules if possible. 2.…
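A self-check helper added here as an example (it is not from this page or the pfSense project): it flags the affected CE/Plus version ranges stated above and lists POST requests to the two edit pages in constructed access-log lines, which also gives a starting point for the restrict-access workaround. The version-string layout and the combined log format are assumptions.

```python
import re
from urllib.parse import urlsplit

# Affected ranges as stated in the summary: CE 2.7.0, Plus <= 23.05.1.
AFFECTED_CE = {"2.7.0"}
LAST_AFFECTED_PLUS = (23, 5, 1)
# The two GUI pages named in the summary as the injection points.
WATCHED_PAGES = {"/interfaces_gif_edit.php", "/interfaces_gre_edit.php"}
# Assumed combined-format access log layout: client, time, request, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Nov/2023:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Nov/2023:12:00:07 +0000] "POST /interfaces_gif_edit.php HTTP/1.1" 302 0',
    '10.0.0.9 - - [10/Nov/2023:12:00:09 +0000] "POST /interfaces_gre_edit.php HTTP/1.1" 200 231',
    '10.0.0.5 - - [10/Nov/2023:12:00:11 +0000] "GET /interfaces_gif.php HTTP/1.1" 200 900',
]


def _as_tuple(version):
    """'23.05.1' -> (23, 5, 1) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def is_affected(edition, version):
    """True if a pfSense CE/Plus version falls in the affected range above."""
    if edition == "CE":
        return version in AFFECTED_CE
    if edition == "Plus":
        return _as_tuple(version) <= LAST_AFFECTED_PLUS
    raise ValueError(f"unknown pfSense edition: {edition!r}")


def find_edit_page_writes(lines):
    """Return (client, timestamp, path) for each POST to a watched edit page.
    Saving a GIF/GRE interface is a POST; GETs only render the form."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not in the assumed log format; skip it
        client, stamp, method, target, _status = match.groups()
        path = urlsplit(target).path  # drop any query string before matching
        if method == "POST" and path in WATCHED_PAGES:
            hits.append((client, stamp, path))
    return hits
```

Feed it your own webGUI access log and version string; a hit on an unpatched box is a request worth reviewing, not proof of exploitation.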
**Urgency**: **CRITICAL** (for authenticated users). **Priority**: **P1 - Immediate Action**. **Why**: PoCs are public, and the impact is full RCE.…