Critical remote code execution vulnerability in pfSense

A critical vulnerability has been reported in pfSense, a custom distribution of FreeBSD and adapted for use as an operating system on network devices, including firewalls and routers.

Tracked as CVE-2021-41282, this vulnerability exists due to improper validation of entries in the sed utility. Remote users could send specially crafted requests and execute arbitrary code on affected systems.

The vulnerability received a score of 7.9/10 according to the Common Vulnerability Scoring System (CVSS) and its successful exploitation would allow full commitment of the affected implementations.

The report notes that the vulnerability resides in all active versions of pfSense between v1.0.x and v2.5.2.

As mentioned above, the vulnerability could be exploited by remote threat actors over the Internet using specially crafted requests, although an attack would require authenticated access to the target system.

Although there is a proof of concept (PoC) exploit, no active exploitation attempts have been detected so far. Still, pfSense developers recommend applying the updates as soon as possible in order to fully mitigate the risk of exploitation.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.