JVNDB-2022-000020

[Japanese]
JVNDB-2022-000020
Multiple vulnerabilities in pfSense
Overview
pfSense software provided by Netgate contains multiple vulnerabilities listed below. * Cross-site scripting (CWE-79) - CVE-2021-20729 * Improper access control (CWE-284) - CVE-2022-26019 * Improper input validation (CWE-20) - CVE-2022-24299 Yutaka WATANABE of Ierae Security Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 7.2 (High) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: High CVSS V2 Severity: Base Metrics 9.0 (High) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: Single Instance Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete The above CVSS base scores have been assigned for CVE-2022-26019
CVSS V3 Severity: Base Metrics: 6.1 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality Impact: Low Integrity Impact: Low Availability Impact: None CVSS V2 Severity: Base Metrics: 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None The above CVSS base scores have been assigned for CVE-2021-20729
CVSS V3 Severity: Base Metrics: 5.4 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: Low Integrity Impact: Low Availability Impact: None CVSS V2 Severity: Base Metrics: 5.5 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None The above CVSS base scores have been assigned for CVE-2022-24299
Affected Products

Electric Sheep Fencing pfSense CE versions 2.5.2 and earlier (CVE-2021-20729) pfSense CE versions prior to 2.6.0 (CVE-2022-26019, CVE-2022-24299) pfSense Plus versions 21.05 and earlier (CVE-2021-20729) pfSense Plus versions prior to 22.01 (CVE-2022-26019, CVE-2022-24299)

Impact
* An arbitrary script may be executed on a user's web browser when following a malicious URL to visit the captive portal login page - CVE-2021-20729 * A user with the privilege to change NTP GPS settings may rewrite existing files on the file system, resulting to arbitrary command execution - CVE-2022-26019 * A user with the privilege to change OpenVPN client or server settings may execute arbitrary commands - CVE-2022-24299
Solution
[Update the software] Update the software to the latest version according to the information provided by the developer.
Vendor Information
Electric Sheep Fencing pfSense : pfSense-SA-21_02.captiveportal - XSS vulnerability in the WebGUI pfSense : pfSense-SA-22_01.webgui - File overwrite vulnerability in the WebGUI pfSense : pfSense-SA-22_03.webgui - Multiple vulnerabilities in the WebGUI pfSense : pfSense Open Source Firewall pfSense : Releases
CWE (What is CWE?)
Improper Input Validation(CWE-20) [IPA Evaluation] Permissions(CWE-264) [IPA Evaluation] Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)
CVE-2021-20729 CVE-2022-26019 CVE-2022-24299
References
JVN : JVN#87751554 National Vulnerability Database (NVD) : CVE-2021-20729 National Vulnerability Database (NVD) : CVE-2022-26019 National Vulnerability Database (NVD) : CVE-2022-24299
Revision History
[2022/03/15] Web page was published [2024/06/21] References : Contents were added


Date Public	2022/03/15
Date First Published	2022/03/15
Date Last Updated	2024/06/21

Multiple vulnerabilities in pfSense