CVE-2023-48123

high

Description

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.

References

https://redmine.pfsense.org/issues/14809

https://github.com/pfsense/pfsense/commit/f72618c4abb61ea6346938d0c93df9078736b775

https://docs.netgate.com/downloads/pfSense-SA-23_11.webgui.asc

Details

Source: Mitre, NVD

Published: 2023-12-06

Updated: 2023-12-12

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H