First published: Tue Jun 25 2019(Updated: )
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgate pfSense | =2.4.4-p2 | |
Netgate pfSense | =2.4.4-p3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-12949 is a vulnerability in pfSense 2.4.4-p2 and 2.4.4-p3 that allows an attacker to upload arbitrary executable code to a server.
An attacker can trick an authenticated administrator into clicking on a button on a phishing page, which will execute the XSS attack and allow the attacker to upload arbitrary executable code.
pfSense versions 2.4.4-p2 and 2.4.4-p3 are affected by CVE-2019-12949.
CVE-2019-12949 has a severity rating of 6.1 (Medium).
Yes, updating pfSense to a patched version will fix the vulnerability.