Описание
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pfsense:pfsense:2.8.0:*:*:*:community:*:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
5 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-36
Связанные уязвимости
CVSS3: 5
github
7 месяцев назад
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
EPSS
Процентиль: 12%
0.00041
Низкий
5 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-36