Cyber Resilience

CVE-2023-27253

High · Public PoC

Published: 17 March 2023

Modified: 21 November 2024
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7915 (99.1th percentile)
Risk Priority: 65 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-27253 is a high-severity vulnerability in Netgate pfSense, classified as CWE-91 (XML Injection, aka Blind XPath Injection). Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A command injection vulnerability tracked as CVE-2023-27253 affects the restore_rrddata() function in Netgate pfSense version 2.7.0. The flaw resides in the handling of the config.xml component and stems from insufficient validation of XML content, enabling an attacker to inject operating-system commands. It carries a CVSS 3.1 score of 8.8 and is also associated with CWE-91.

An authenticated attacker with network access can supply a crafted XML file to the affected component and thereby execute arbitrary commands on the underlying system. Because the attack requires only low privileges and no user interaction, successful exploitation can result in full confidentiality, integrity, and availability impact on the pfSense instance.

Public references point to a corrective commit in the pfSense repository and a corresponding Redmine issue that document the remediation steps. The same references include a public exploit archive entry describing the restore-rrd-data injection vector, indicating that patch application or upgrade to a fixed release is the primary mitigation path. The associated EPSS score remains near 0.79 with negligible movement between its recorded peak and current values.

Vulnerability details

A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: netgate
Product: pfsense
Version: 2.7.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
