Vulnerability Description
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgate | Pfsense | < 2.6.0 |
| Netgate | Pfsense Plus | < 22.01 |
Related Weaknesses (CWE)
References
- https://docs.netgate.com/downloads/pfSense-SA-22_03.webgui.ascMitigationPatchVendor Advisory
- https://jvn.jp/en/jp/JVN87751554/index.htmlPatchThird Party Advisory
- https://docs.netgate.com/downloads/pfSense-SA-22_03.webgui.ascMitigationPatchVendor Advisory
- https://jvn.jp/en/jp/JVN87751554/index.htmlPatchThird Party Advisory
FAQ
What is CVE-2022-24299?
CVE-2022-24299 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the...
How severe is CVE-2022-24299?
CVE-2022-24299 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24299?
Check the references section above for vendor advisories and patch information. Affected products include: Netgate Pfsense, Netgate Pfsense Plus.