Hard News Hard Hitting News Source Global Political News

Stored XSS vulnerability patched in open source firewall pfSense

A severe cross-site scripting (XSS) vulnerability impacting pfSense software has been patched by the vendor.

Netgate solutions’ pfSense software is an open source offering based on FreeBSD for firewalling and routing, made available under an Apache 2.0 license.

Products include pfSense Community Edition (CE) and the more advanced pfSense Plus, formerly known as pfSense Factory Edition (FE).

Vulnerability

The XSS flaw, found in the services_wol.php page of the pfSense CE and pfSense Plus software WebGUI, was discovered and reported by Fortinet Systems Engineer William Costa.

Tracked as CVE-2021-27933, the vulnerability was added to Full Disclosure on April 27.

Speaking to The Daily Swig, Costa said that an attack leveraging the vulnerability could allow attackers to create a malicious payload designed to trigger a stored XSS and lure a privileged user into executing the exploit, leading to application compromise.

To exploit the bug, an attacker would need to inject code into the ‘Description’ parameter of the page. Because the value is not properly encoded on output, malicious JavaScript could then be executed in a victim’s browser.

“The page did not validate the contents of the Description field for Wake on LAN entries, nor did it encode the output when using the ‘Wake All Devices’ function which prints this value, leading to a possible XSS,” the security advisory reads.
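The two gaps the advisory names, missing input validation and missing output encoding, can be shown side by side. The following is an added illustration, not pfSense's code and not taken from the advisory; the function names, the validation rule and the sample entries are assumptions made for the example.

```php
<?php
// Constructed sample data (not from pfSense): stored Wake-on-LAN entries,
// one of which carries markup in its description.
$entries = [
    ['mac' => '00:11:22:33:44:55', 'descr' => 'Office printer'],
    ['mac' => '66:77:88:99:aa:bb', 'descr' => '<script>alert(1)</script>'],
];

// Vulnerable pattern: the stored value is printed into HTML as-is,
// so any markup in it is parsed by the browser.
function render_unsafe(array $e): string
{
    return "Sent magic packet to {$e['mac']} ({$e['descr']})<br />";
}

// Output encoding: HTML metacharacters become entities, so the browser
// displays the description as text instead of parsing it as markup.
function render_safe(array $e): string
{
    $mac   = htmlspecialchars($e['mac'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $descr = htmlspecialchars($e['descr'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "Sent magic packet to {$mac} ({$descr})<br />";
}

// Input validation at save time (hypothetical rule): reject descriptions
// containing characters that are significant in HTML.
function validate_descr(string $descr): ?string
{
    if (preg_match('/[<>&"\']/', $descr)) {
        return 'Description contains invalid characters.';
    }
    return null;
}

foreach ($entries as $e) {
    echo 'validate: ', validate_descr($e['descr']) ?? 'ok', PHP_EOL;
    echo 'unsafe:   ', render_unsafe($e), PHP_EOL;
    echo 'safe:     ', render_safe($e), PHP_EOL;
}
```

Output encoding is the control that matters for entries already stored before validation was introduced, since validation only applies to new input.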

XSS vulnerabilities come in a variety of flavors, some of the most severe being stored (persistent) XSS, in which malicious code is injected into a target application and the input is stored.

These bugs are used to manipulate browser sessions and circumvent same-origin policies, and can be exploited by attackers in a variety of scenarios including impersonating users, phishing, malicious payload deployment, the theft of credentials and user data, and potentially the full hijack of a vulnerable application when a victim has high levels of privilege.

Costa said the vulnerability was found as he conducted tests on a tool designed to scan for zero-day vulnerabilities.

The engineer first explored pfSense for the existence of unknown bugs, found the XSS issue, and then applied the tool to see if the same vulnerability would be found (ironically, the tool failed).

“In my test, [it] was possible [to] access the anti-CSRF token, that can [be] used [to] create and execute another action in PfSense, like creat[ing] a new user,” Costa added.

Patch

pfSense software versions 2.5.0 and below are impacted, alongside pfSense Plus software versions 21.02-p1 and below.

The XSS flaw was acknowledged in release notes for pfSense 2.5.1 and pfSense Plus 21.02.2, which both contain a patch for the bug.


The Daily Swig has reached out to the pfSense team and we will update when we hear back.

Source: https://portswigger.net/daily-swig/stored-xss-vulnerability-patched-in-open-source-firewall-pfsense
