CVE-2022-24299 vulnerability in Netgate Products
Published on March 31, 2022

Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.

NVD



Affected Versions

pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 are affected by CVE-2022-24299.

Exploit Probability

EPSS: 0.27%
Percentile: 50.22%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.