pfSense Server Vulnerabilities: Over 1,450 Instances Exposed to RCE Attacks

In a startling revelation, it’s been found that over 1,450 pfSense servers are at risk due to a series of vulnerabilities that could lead to Remote Code Execution (RCE) attacks. This discovery underscores the critical nature of network security in today’s interconnected world.

Understanding the Risks: pfSense’s Popularity and Flexibility

pfSense® – “World’s Most Trusted Open Source Firewall”, a widely-used open-source firewall and router software, is known for its customization and deployment flexibility, making it a preferred choice for many organizations. However, the recent discovery of pfSense server vulnerabilities has put its security under scrutiny.

Detailed Analysis of the Vulnerabilities

• Researchers from SonarSource, utilizing their SonarCloud tool, identified critical flaws in pfSense versions up to 2.7.0 and pfSense Plus versions up to 23.05.01. These flaws, namely , CVE-2023-42325, CVE-2023-42326, CVE-2023-42327, pose significant risks.
  • CVE-2023-42325  – CVSSv3 score: 5.3 (XSS)
  • CVE-2023-42327  – CVSSv3 score: 5.4 (XSS)
  • CVE-2023-42326 – CVSSv3 score: 8.8 (command injection)
• The command injection vulnerability is particularly severe, with a CVSS score of 8.8. It originates from the web UI of pfSense, where shell commands constructed from user data lack proper validation.
• This vulnerability is evident in the “gifif” network interface parameter, which, if exploited, allows attackers to execute commands with root privileges.
• An attacker’s strategy involves chaining these flaws to gain control over a user’s pfSense session, emphasizing the need for robust cybersecurity measures.

Response from Netgate and Current Exposure

• Netgate, pfSense’s vendor, acted swiftly upon receiving the reports in July 2023, releasing patches by November. Despite these updates, a significant number of pfSense servers remain unprotected.
• A Shodan scan revealed that out of 1,570 exposed pfSense servers, a mere fraction had applied the latest security patches, leaving around 1,320 servers vulnerable.

• This scenario presents a considerable attack surface, especially given pfSense’s usage in large enterprises.
• The potential for an attacker to breach data and infiltrate sensitive network segments is alarmingly high.

Securing Your Network Against pfSense Server Vulnerabilities

It’s crucial for organizations using pfSense to take immediate action. Applying the latest patches is the first step in mitigating these risks. Furthermore, conducting regular security assessments and staying informed about pfSense server vulnerabilities is essential for maintaining a secure network infrastructure.

In conclusion, while the exposure of these vulnerabilities in pfSense servers is concerning, it also serves as a reminder of the importance of continuous vigilance in cybersecurity. Organizations must prioritize patch management and security best practices to safeguard their networks against evolving threats.

Subscribe to our weekly news digest or more insights on securing your network and staying ahead of cybersecurity challenges.