pfSense 2.5.2 Shell Upload

Discussion in 'News Aggregator' started by Packet Storm, 5 Mar 2022.

  1. Packet Storm

    Packet Storm Guest

    This Metasploit module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface (CVE-2021-41282). The vulnerability affects versions 2.5.2 and below and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module uses the vulnerability to create a web shell and execute payloads with root privileges.

    Continue reading...
     

Share This Page

Loading...