What is CVE-2014-4688?

CVE-2014-4688 is a vulnerability in Netgate Pfsense. Published 2014-07-02.

Is CVE-2014-4688 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Netgate Pfsense

CVE-2014-4688

pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rr…

EPSS: 0.070 (93.3th percentile) — read the EPSS interpretation.

Affected products

Netgate Pfsense
N/a — versions n/a

Public proof-of-concept exploits

andyfeili/CVE-2014-4688
jaydenblair/CVE-2014-4688-pfsense
fenix0499/CVE-2014-4688-NodeJs-Exploit
AndyFeiLi/CVE-2014-4688
PuddinCat/GithubRepoSpider
shreesh1/CVE-2014-0226-poc

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
43560 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2014-4688?: CVE-2014-4688 is a vulnerability in Netgate Pfsense. Published 2014-07-02.
Is CVE-2014-4688 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.