CVE-2022-31814

CVSS 9.8 CRITICALEPSS 86.4%CWE-78

Vexday Risk Score

85Fix now

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 86.4%KEV nãoPoC públicaNuclei simMetasploit simPatch —

Lifecycle

05 Sep 2022Metasploit module available

05 Sep 2022Published on NVD

18 Sep 2022Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 12

githubgithub.com/Laburity/CVE-2022-31814★ 23 githubgithub.com/EvergreenCartoons/SenselessViolence★ 4 githubgithub.com/Chocapikk/CVE-2022-31814★ 3 githubgithub.com/drcayber/RCE★ 2 githubgithub.com/SystemVll/CVE-2022-31814★ 1 githubgithub.com/TheUnknownSoul/CVE-2022-31814★ 1 githubgithub.com/dkstar11q/CVE-2022-31814★ 1 githubgithub.com/Madliife0/CVE-2022-31814★ 0 githubgithub.com/ArunHAtter/CVE-2022-31814★ 0 cve_referencepacketstormsecurity.com/files/168743/pfSense-pfBlockerNG-2.1.4_26-Shell-Upload.htmlunverified exploitdbwww.exploit-db.com/exploits/51032unverified cve_referencepacketstormsecurity.com/files/171123/pfBlockerNG-2.1.4_26-Remote-Code-Execution.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/168743/pfSense-pfBlockerNG-2.1.4_26-Shell-Upload.html http://packetstormsecurity.com/files/171123/pfBlockerNG-2.1.4_26-Remote-Code-Execution.html https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html https://github.com/pfsense/FreeBSD-ports/pull/1169 https://github.com/pfsense/FreeBSD-ports/pull/1169/commits/071bdcf2d918c3e51cde11cf81fbd9b6f0379d7e https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/