all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

pfSense Restore RRD Data Command Injection

Add to bookmarks
July 13, 2023, 3:06 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup and Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.

backup backup and restore command command injection data exploits function injection metasploit operating system pfsense privilege release restore root system version vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

The Not-So-Silent Type 1 day, 18 hours ago | packetstormsecurity.com
apps called keyboard keystrokes +6
Ubuntu Security Notice USN-6754-1 1 day, 18 hours ago | packetstormsecurity.com
attacker denial of service http implementation +11
Ubuntu Security Notice USN-6753-1 1 day, 18 hours ago | packetstormsecurity.com
attacker configuration cryptographic default +14
Debian Security Advisory 5674-1 1 day, 18 hours ago | packetstormsecurity.com
advisory debian debian linux security denial of service +9
Ubuntu Security Notice USN-6751-1 1 day, 18 hours ago | packetstormsecurity.com
attacker attacks cross-site data +11
Ubuntu Security Notice USN-6752-1 1 day, 18 hours ago | packetstormsecurity.com
attacker crash denial of service issue +10
Red Hat Security Advisory 2024-2066-03 1 day, 18 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2064-03 1 day, 18 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2063-03 1 day, 18 hours ago | packetstormsecurity.com
advisory buffer buffer overflow enterprise +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City
View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States
View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States
View on infosec-jobs.com
View more jobs