Vulnerability feed

Vulnerability

CVE-2022-31814

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-31814
Description:: pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
Last updated date:: 07/03/2024

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 09/18/2024
Reference url to background: https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/1/CSA-PRC-LINKED-ACTORS-BOTNET.PDF

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/09/2022
Reference url to background: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/18/2022
Reference url to background: https://github.com/EvergreenCartoons/SenselessViolence

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/12/2022
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsense_pfblockerng_webshell.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/28/2022
Reference url to background: http://packetstormsecurity.com/files/168743/pfSense-pfBlockerNG-2.1.4_26-Shell-Upload.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/26/2023
Reference url to background: https://github.com/Chocapikk/CVE-2022-31814

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/23/2024
Reference url to background: https://github.com/Laburity/CVE-2022-31814

Vulnerability Feed Contributors About Blog

@inTheWild

©2025 |