Vulnerability Description
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgate | Pfsense | < 2.6.0 |
| Netgate | Pfsense Plus | < 22.01 |
Related Weaknesses (CWE)
References
- https://docs.netgate.com/downloads/pfSense-SA-22_01.webgui.ascMitigationPatchVendor Advisory
- https://jvn.jp/en/jp/JVN87751554/index.htmlPatchThird Party Advisory
- https://docs.netgate.com/downloads/pfSense-SA-22_01.webgui.ascMitigationPatchVendor Advisory
- https://jvn.jp/en/jp/JVN87751554/index.htmlPatchThird Party Advisory
FAQ
What is CVE-2022-26019?
CVE-2022-26019 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the p...
How severe is CVE-2022-26019?
CVE-2022-26019 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26019?
Check the references section above for vendor advisories and patch information. Affected products include: Netgate Pfsense, Netgate Pfsense Plus.