|
Description
|
|
Multiple vulnerabilities have been reported in in pfSense, which can be exploited by malicious people to conduct brute force and cross-site scripting attacks, bypass certain security restrictions, cause a DoS (Denial of Service).
1) Multiple errors are caused due to a bundled vulnerable version of OpenSSL.
For more information:
SA61702
2) An error exists due to a bundled vulnerable version of NTP.
For more information:
SA61041
(#4)
3) An error exists due to a bundled vulnerable version of OpenVPN.
For more information:
SA62628
4) Certain input passed to edit.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
5) Certain input related to the captive portal status widget is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
6) Certain input related to the Notifications page is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in versions 2.1.5 and prior.
|
