pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)
high Nessus Plugin ID 106497
Language:
Synopsis
The remote firewall host is affected by multiple vulnerabilities.Description
According to its self-reported version number, the remote pfSense install is prior to 2.2.5. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.Solution
Upgrade to pfSense version 2.2.5 or later.See Also
https://doc.pfsense.org/index.php/2.2.5_New_Features_and_Changes
Plugin Details
Severity: High
ID: 106497
File Name: pfsense_SA-15_08.nasl
Version: 1.6
Type: remote
Family: Firewalls
Published: 1/31/2018
Updated: 7/24/2018
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:pfsense:pfsense, cpe:/a:bsdperimeter:pfsense
Required KB Items: Host/pfSense
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/8/2015
Vulnerability Publication Date: 9/4/2015
Reference Information
CVE: CVE-2014-2653, CVE-2015-1283, CVE-2015-1416, CVE-2015-1418, CVE-2015-5600, CVE-2015-5675, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7803, CVE-2015-7804, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
BID: 66459, 75990, 76116, 76236, 76317, 76485, 76497, 77273, 77274, 77275, 77276, 77277, 77278, 77279, 77280, 77281, 77282, 77283, 77284, 77285, 77286, 77287, 77288
FreeBSD: SA-15:14.bsdpatch, SA-15:16.openssh, SA-15:18.bsdpatch, SA-15:20.expat, SA-15:21.amd64, SA-15:22.openssh, SA-15:25.ntp
TRA: TRA-2015-04