CVE-2021-41282 Scanner
Detects the 'Code Injection' vulnerability in pfSense, which affects v. 2.5.2.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4
Toolbox: -
pfSense is a popular firewall that is widely used across different industries and is known for its reliability and security. It is a free and open-source firewall designed to protect networks from unauthorized access and ensure the reliable flow of data. In addition to its core firewall functionality, pfSense also offers a range of other features such as VPN, traffic shaping, and proxy capabilities, making it a robust and versatile solution for network security.
The CVE-2021-41282 vulnerability was recently discovered in pfSense 2.5.2 and allows sed data injection. Although the escapeshellarg function is used to protect the arguments, it is still possible to inject sed-specific code and write arbitrary files in arbitrary locations. The flaw is reachable by authenticated users, who are able to view data about the routes set in the firewall, making it a serious security concern for users of the platform.
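The paragraph above says shell-argument escaping did not stop sed-specific injection. The following is an added example, not pfSense source code, of the defensive pattern: do the filtering inside PHP with an allowlist instead of passing user text to sed. It assumes a route listing filtered by a user-supplied string; filter_routes() and the sample lines are hypothetical.

```php
<?php
// Added example, not pfSense source code. filter_routes() and the sample
// data are hypothetical names and values constructed for illustration.

/**
 * Return the route lines containing $filter, treated as literal text.
 * escapeshellarg() only stops the shell from interpreting a value; if the
 * value then becomes part of a sed script, sed still parses it. Doing the
 * match in PHP removes the second interpreter entirely.
 */
function filter_routes(array $lines, string $filter, int $maxLen = 64): array
{
    if ($filter === '') {
        return $lines;                       // no filter requested
    }
    // Allowlist: characters found in addresses, prefixes and interface names.
    // \A and \z anchor the whole string; "$" would accept a trailing newline.
    if (strlen($filter) > $maxLen
        || preg_match('/\A[A-Za-z0-9.:\/_-]+\z/', $filter) !== 1) {
        throw new InvalidArgumentException('filter rejected by allowlist');
    }
    return array_values(array_filter(
        $lines,
        fn(string $line): bool => stripos($line, $filter) !== false
    ));
}

// Constructed sample of route-table output.
$sample = [
    'default        192.0.2.1    UGS    em0',
    '10.0.0.0/24    link#2       U      em1',
    '127.0.0.1      link#3       UH     lo0',
];

print_r(filter_routes($sample, '10.0.0'));

// Constructed inputs outside the allowlist are rejected, not "cleaned".
foreach (["em0\n", 'em 0'] as $bad) {
    try {
        filter_routes($sample, $bad);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($bad), "\n";
    }
}
```

Rejecting outright, rather than stripping characters, keeps the check independent of which characters any downstream tool treats as syntax.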
If this vulnerability is exploited, it can lead to highly concerning consequences such as unauthorized access and exploitation of the network, data loss, and system compromise. Cybercriminals can use this vulnerability to execute arbitrary code with elevated privileges, leading to the potential disclosure of sensitive information or complete control of the affected system. The CVE-2021-41282 vulnerability can also be used in combination with other vulnerabilities to create complex and highly damaging attacks.
Thanks to pro features of the s4e.io platform, individuals and businesses can rest assured that their digital assets are well protected. The platform offers comprehensive vulnerability scanning, risk assessment, and remediation capabilities to ensure that users are aware of any vulnerabilities in their systems and are equipped with the tools to address them quickly and efficiently. With s4e.io, users can enjoy peace of mind knowing that their cybersecurity is in good hands.