RCE exploit

albgen · Aug 10, 2024, 5:41 PM

Hi,

Seems we have a problem. A nice RCE found from here:
https://laburity.com/exploiting-pfsense-remote-code-execution-cve-2022-31814/

w0w · Aug 10, 2024, 6:44 PM

@albgen
I am sorry and what's the problem you have?
Couldn't grasp the point of that article, or did you miss that the vulnerability dates back to 2022? It's already 2024, in case you didn't notice.

albgen · Aug 10, 2024, 6:57 PM

@w0w said in RCE exploit:

@albgen
I am sorry and what's the problem you have?
Couldn't grasp the point of that article, or did you miss that the vulnerability dates back to 2022? It's already 2024, in case you didn't notice.

Yes, sure. Just don't reply here please.

chpalmer · Aug 10, 2024, 7:07 PM

@albgen

From Reddit..
"Package has been updated a few times since then so the CVE doesn’t seem to apply to the latest one."

From Pentest-tools.com
"Recommendation Upgrade to a patched version of pfSense pfBlockerNG (>=2.1..4_27) to mitigate this vulnerability."

Old news. Current pfblockerNG package is at 3.2.0_10

Please no FUDD.

AndyRH · Aug 11, 2024, 2:04 AM

@albgen said in RCE exploit:

cve-2022-31814

I can apricate the post and you trying to be helpful. The bold indicates the year the CVE was created. When you see an old one, someone is trying scare tactics.

stephenw10 · Aug 11, 2024, 9:19 PM

They updated the CVE so the POC code works currently but....

It still only applies to old versions of pfBlocker that no-one should be running.

It requires access to the webgui so most installs would not be vulnerable except from internal devices even if they are still running that ancient code.

I think that the title implies a vulnerability in pfSense and not in pfBlocker tells you all you need to know.

Steve

johnpoz · Aug 12, 2024, 12:31 AM

@stephenw10 this seems to be popping up everywhere - not sure if that post I linked to was the original, or a copy from elsewhere - but seeing the exact article pop up on other security sites.

And not one I have seen have bothered to clarify anything.. Like hey this is interesting, but its years old and not to worry.. But good reminder to keep your software updated.. And btw you shouldn't have your gui exposed in the first damn place, etc..