- CVEs with nessus.description==According to its self-reported version number, the remote pfSense
install is a version 2.3.x prior or equal to 2.3.5-p2 or 2.4.x
prior to 2.4.3-p1. It is, therefore, affected by multiple
vulnerabilities:
- Systems with microprocessors utilizing speculative execution and
address translations may allow unauthorized disclosure of
information residing in the L1 data cache to an attacker with
local user access via a terminal page fault and a side-channel
analysis. (CVE-2018-3620)
- An authenticated command injection vulnerability exists in
status_interfaces.php via dhcp_relinquish_lease() in pfSense
before 2.4.4. This allows an authenticated WebGUI user with
privileges for the affected page to execute commands in the
context of the root user when submitting a request to relinquish
a DHCP lease for an interface which is configured to obtain its
address via DHCP. (CVE-2018-16055)
- A denial of service vulnerability exists in the IP fragment
reassembly code due to excessive system resource consumption.
This issue can allow a remote attacker who is able to send
arbitrary IP fragments to cause the machine to consume excessive
resources. (CVE-2018-6923)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |