"Over 1,450 pfSense Servers Exposed to RCE Attacks via Bug Chain"

About 1,450 pfSense instances are vulnerable to command injection and Cross-Site Scripting (XSS) flaws that, if exploited together, could allow attackers to achieve Remote Code Execution (RCE) on the appliance. pfSense is open-source firewall and router software with extensive customization and deployment flexibility. It meets specific needs while providing various features typically found in expensive commercial products. In mid-November, SonarSource researchers found three flaws that affect pfSense 2.7.0 and older, as well as pfSense Plus 23.05.01 and older. This article continues to discuss the vulnerability of pfSense instances to command injection and XSS flaws.

Bleeping Computer reports "Over 1,450 pfSense Servers Exposed to RCE Attacks via Bug Chain"

Submitted by grigby1
