Topics tagged under "vulnerability"

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

H

CVE-2024-3596 / Radius client msg authenticator attribute

General pfSense Questions
• cve-2024-3596 security vulnerability radius • • helge000

2

0
Votes

2
Posts

244
Views

S

If you have set that I would expect no issue since the server would reject any unauthenticated requests.
J

CVE forum discussion categories?

Off-Topic & Non-Support Discussion
• vulnerability • • JonathanLee

20

1
Votes

20
Posts

940
Views

J

I got rid of some multiples in CURL and Strongswan by installing and uninstalling the package NUT again. NUT had some left over files from the last pfSense version.

Screenshot 2023-05-23 at 7.23.13 AM.png
S

PING vulnerability in FreeBSD: are we affected? Mitigations or updates available?

General pfSense Questions
• security vulnerability freebsd • • Stepinsky

5

0
Votes

5
Posts

670
Views

J

@stepinsky you would need to edit the subject (ie your first post) then you can edit that and add a tag of solved, etc.
S

OpenSSL vulnerabiltiy: pfSense affected?

General pfSense Questions
• openssl security vulnerability • • Stepinsky

3

0
Votes

3
Posts

674
Views

J

@stepinsky said in OpenSSL vulnerabiltiy: pfSense affected?:

I cannot judge the relavance of the vulnerability for pfSense users.

That is the big question for sure.. The analysis is still underway at nist

https://nvd.nist.gov/vuln/detail/CVE-2021-3712
This vulnerability is currently awaiting analysis.

The key really being
"If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit."

Would that be something that could be done with how and when pfsense uses openssl? And it seems there is a patch for freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-21:16.openssl.asc

So when netgate/pfsense feels its prudent sure they will make it available.

edit: Well this openssl thing was in one of the many newsletters I get ;) In one today.. Doesn't seem like it is too much of a concern to be honest.

Here is the article if interested
https://nakedsecurity.sophos.com/2021/08/27/big-bad-decryption-bug-in-openssl-but-no-cause-for-alarm/
F

Remove the nginx file from PFSense

Problems Installing or Upgrading pfSense Software
• web gui nginx vulnerability • • fer.henrick

10

0
Votes

10
Posts

1.7k
Views

J

Internal scan is only if your service provider... And you sure and the hell do not need to make the web gui of pfsense available on the networks that are involved in the PCI..

For example - we are service provider, we host stuff that is PCI for customers... We don't need to scan the management vlan, only need to scan the networks that are directly involved in the processing of the payments..

We are not scanning every single network in the company... You only need to scan the network related to your pci environment.. If your switches and or routers and firewall interfaces are available on your pci networks - your doing it wrong!
T

CVE-2019-14899

General pfSense Questions
• security vulnerability • • tve

3

0
Votes

3
Posts

407
Views

T

Sorry there is another thread on this:
https://forum.netgate.com/topic/148713/cve-2019-14899

CVE-2024-3596 / Radius client msg authenticator attribute

CVE forum discussion categories?

PING vulnerability in FreeBSD: are we affected? Mitigations or updates available?

OpenSSL vulnerabiltiy: pfSense affected?

Remove the nginx file from PFSense

CVE-2019-14899