Name: pfSense Firewall Vendor: Netgate Vulnerability: Command Injection Affected Versions: Versions before 2.4.4 CVE ID: CVE-2018-16055 An authenticated command injection was discovered on pfSense firewalls. Anyone with access to status_interfaces.php could relinquish a DHCP lease and inject arbitrary commands under the context of the root user. I have pfSense’s management interface at 10.10.10.10 in Virtual Box. If … Continue reading Command Injection on pfSense Firewalls