CVE-2022-40624 Information

Description

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header a different vulnerability than CVE-2022-31814.

Reference

https://github.com/dhammon/pfBlockerNg-CVE-2022-40624 https://github.com/dhammon/pfBlockerNg-RCE https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html