CVE-2022-26019 vulnerability in Netgate Products
Published on March 31, 2022
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
Products Associated with CVE-2022-26019
stack.watch emails you whenever new vulnerabilities are published in Netgate Pfsense or Netgate Pfsense Plus. Just hit a watch button to start following.
Affected Versions
pfSense CE and pfSense Plus Version pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 is affected by CVE-2022-26019Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.