pfSense: pfSense-SA-16_08.webgui: Arbitrary Code Execution
Description
A command-injection vulnerability exists in auth.inc via system_groupmanager.php using the 'members' parameter. This allows an authenticated WebGUI user with privileges for system_groupmanager.php to execute commands in the context of the root user. A user on pfSense version 2.3.1_1 or earlier, granted limited access to the pfSense web configurator GUI including access to system_groupmanager.php could leverage these vulnerabilities to gain increased privileges, read other files, execute commands, or perform other alterations. Note users with access to the group manager almost always have full admin rights, and can grant themselves such rights if they do not already have them. This is not relevant for admin-level users as there are other deliberate means by which an administrator could run commands.
Solution(s)
- pfsense-upgrade-latest
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center
