CVE-2018-4021 is a vulnerability in Netgate Pfsense
Published on December 3, 2018
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter.
Products Associated with CVE-2018-4021
Want to know whenever a new CVE is published for Netgate Pfsense? stack.watch will email you.
Affected Versions
Netgate pfSense Version Netgate pfSense CE 2.4.4-RELEASE is affected by CVE-2018-4021Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.