First published: Thu Mar 31 2022
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Netgate pfSense | <2.6.0 | |
Netgate pfSense Plus | <22.01 | |
The vulnerability ID for this vulnerability is CVE-2022-24299.
The severity of CVE-2022-24299 is high.
pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 are affected by CVE-2022-24299.
An attacker with the privilege to change OpenVPN client or server settings can execute an arbitrary command.
To fix CVE-2022-24299, update to pfSense CE software version 2.6.0 or later, or pfSense Plus software version 22.01 or later.