CVE-2019-12949

{"id": "CVE-2019-12949", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-06-25T11:15:10.280", "references": [{"url": "https://github.com/tarantula-team/CVE-2019-12949", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. Then, the remote attacker can run any command with root privileges on that server."}, {"lang": "es", "value": "En pfSense versiones 2.4.4-p2 y 2.4.4-p3, si es posible enga\u00f1ar a un administrador autenticado para que haga cliquee sobre un bot\u00f3n en una p\u00e1gina de phishing, un atacante puede aprovechar un XSS para cargar c\u00f3digo ejecutable arbitrario, por medio de los archivos diag_command.php y rrd_fetch_json .php (par\u00e1metro timePeriod), hacia un servidor. Despu\u00e9s, el atacante remoto puede ejecutar cualquier comando con privilegios root en ese servidor."}], "lastModified": "2019-06-25T17:36:55.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netgate:pfsense:2.4.4:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F038B4C-BC0C-40A8-B547-36F0420CD800"}, {"criteria": "cpe:2.3:a:netgate:pfsense:2.4.4:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FC53B2F-94B4-4985-B49E-652C6D3A9940"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}