Known Vulnerabilities for Pfsense by Netgate
Listed below are 10 of the newest known vulnerabilities associated with "Pfsense" by "Netgate".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-21487 | Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitr... | 9.6 - CRITICAL | 2023-04-04 | 2023-04-10 |
| CVE-2020-21219 | Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote at... | 6.1 - MEDIUM | 2022-12-15 | 2022-12-19 |
| CVE-2020-19203 | An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of... | 5.4 - MEDIUM | 2021-07-12 | 2022-05-13 |
| CVE-2020-19201 | A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGU... | 5.4 - MEDIUM | 2021-07-12 | 2021-09-14 |
| CVE-2020-11457 | pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) ... | 5.4 - MEDIUM | 2020-04-01 | 2020-04-06 |
| CVE-2020-10797 | An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing i... | 6.1 - MEDIUM | 2020-04-29 | 2020-05-01 |
| CVE-2019-12585 | Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in... | 9.8 - CRITICAL | 2019-06-03 | 2020-08-24 |
| CVE-2019-12584 | Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. | 6.1 - MEDIUM | 2019-06-03 | 2019-06-04 |
| CVE-2019-12347 | In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via... | 6.1 - MEDIUM | 2019-05-29 | 2019-05-30 |
| CVE-2019-11816 | Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authentica... | 7.2 - HIGH | 2019-05-20 | 2020-08-24 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Netgate | Pfsense | 2.5.0 | All | All | All |
| Application | Netgate | Pfsense | 2.4.5 | All | All | All |
| Application | Netgate | Pfsense | 2.4.4 | p3 | All | All |
| Application | Netgate | Pfsense | 2.4.4 | p2 | All | All |
| Application | Netgate | Pfsense | 2.4.4 | p1 | All | All |
| Application | Netgate | Pfsense | 2.4.4 | - | All | All |
| Application | Netgate | Pfsense | 2.4.3 | p1 | All | All |
| Application | Netgate | Pfsense | 2.4.3 | - | All | All |
| Application | Netgate | Pfsense | 2.4.2 | - | All | All |
| Application | Netgate | Pfsense | 2.4.2 | p1 | All | All |
| Application | Netgate | Pfsense | 2.4.1 | All | All | All |
| Application | Netgate | Pfsense | 2.4 | All | All | All |
| Application | Netgate | Pfsense | 2.3.5 | p2 | All | All |
| Application | Netgate | Pfsense | 2.3.5 | p1 | All | All |
| Application | Netgate | Pfsense | 2.3.5 | - | All | All |
| Application | Netgate | Pfsense | 2.3.4 | p1 | All | All |
| Application | Netgate | Pfsense | 2.3.4 | - | All | All |
| Application | Netgate | Pfsense | 2.3.3 | - | All | All |
| Application | Netgate | Pfsense | 2.3.2 | - | All | All |
| Application | Netgate | Pfsense | 2.3.2 | p1 | All | All |