CVE-2023-42326

high-risk

Published 2023-11-14

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.

Do I need to act?

83.7% chance of exploitation in next 30 days

EPSS score — higher than 16% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (2)

Pfsense

Pfsense Plus

Affected Vendors

Netgate

References (4)

Vendor Advisory https://docs.netgate.com/downloads/pfSense-SA-23_10.webgui.asc

https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/

Vendor Advisory https://docs.netgate.com/downloads/pfSense-SA-23_10.webgui.asc

https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 20/34 · Moderate

Exposure 7/34 · Low