CVE-2024-54780 Information

Description

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter.

Reference

http://netgate.com https://blog.brillantit.com/exploiting-pfsense-xss-command-injection-cloud-hijack/