Executive summary
Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.In accordance with our coordinated disclosure policy, Cisco Talos worked with Netgate to ensure that these issues are resolved and that an update is available for affected customers.
Vulnerability details
Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability (TALOS-2018-0690 / CVE-2018-4019)This command injection vulnerability in Netgate pfSense is due to lack of sanitization on the 'powerd_normal_mode' parameter in POST requests to 'system_advanced_misc.php'. When processing requests to '/system_advanced_misc.php', Netgate pfSense firewall does not properly sanitize the 'powerd_normal_mode' POST parameter.
Netgate pfSense system_advanced_misc.php powerd_ac_mode Remote Command Injection Vulnerability (TALOS-2018-0690 / CVE-2018-4020)
A command injection vulnerability in Netgate pfSense exists due to the lack of sanitization on the 'powerd_ac_mode'parameter in POST requests to 'system_advanced_misc.php'. When processing requests to '/system_advanced_misc.php', Netgate pfSense firewall does not properly sanitize the 'powerd_ac_mode' POST parameter.
For more information on this vulnerability, read the full advisory here.
Netgate pfSense system_advanced_misc.php powerd_ac_mode Remote Command Injection Vulnerability (TALOS-2018-0690 / CVE-2018-4021)
A command injection vulnerability in Netgate pfSense exists due to the lack of sanitization on the powerd_battery_mode', parameter in POST requests to 'system_advanced_misc.php'. When processing requests to '/system_advanced_misc.php', Netgate pfSense firewall does not properly sanitize the 'powerd_battery_mode' POST parameter.
For more information on this vulnerability, read the full advisory here.
Conclusion
Cisco Talso tested and confirmed that Netgate pfSense CE 2.4.4-RELEASE is affected by these vulnerabilities.
Coverage
The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.Snort Rules: 48178