CVE-2022-24299

Summary

Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.

Affected Software

VendorProductVersion RangeStatus
pfSensepfSense CE and pfSense PluspfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01affected

Weaknesses

  • Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References