CVE-2022-40624 Scanner

pfSense pfBlockerNG is a widely used firewall and network protection tool integrated with the pfSense platform. It is designed to enhance network security by blocking unwanted traffic, managing DNS blocking, and controlling access to specific domains and IP addresses. pfSense pfBlockerNG is frequently used by organizations and individuals to strengthen their cybersecurity defenses.

This vulnerability allows remote attackers to execute arbitrary OS commands via the HTTP Host header in pfSense pfBlockerNG versions through 2.1.4_27. The improper handling of input in the Host header results in command injection, providing attackers with root-level access to the system. This makes the vulnerability critical as it allows complete control over the affected systems.

Technical details reveal that the flaw lies in the lack of proper sanitization of the HTTP Host header. Attackers can craft malicious headers to inject arbitrary commands, which are then executed on the system with root privileges. Exploiting this vulnerability requires minimal effort and no prior authentication.

If exploited, this vulnerability can lead to the full compromise of the system, including unauthorized access to sensitive data, manipulation of firewall rules, and deployment of additional malware. The severity of the vulnerability makes it essential for users to apply patches immediately to avoid catastrophic security breaches.

REFERENCES

• https://github.com/dhammon/pfBlockerNg-CVE-2022-40624
• https://nvd.nist.gov/vuln/detail/CVE-2022-40624