Vulnerability Database

300,991

Total vulnerabilities in the database

CVE-2023-27253

A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.

Published: Mar 17, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-27253
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-91

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
netgate / pfsense	2.7.0	2.7.0.x

http://packetstormsecurity.com/files/173487/pfSense-Restore-RRD-Data-Command-Injection.html
https://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94
https://redmine.pfsense.org/issues/13935

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo