CVE-2022-26019

Summary

Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.

Affected Software

VendorProductVersion RangeStatus
pfSensepfSense CE and pfSense PluspfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References