What is CVE-2022-31814?

CVE-2022-31814 is a vulnerability in N/a. Published 2022-09-05.

Is CVE-2022-31814 known to be exploited?

28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-31814

pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

EPSS: 0.944 (100.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Laburity/CVE-2022-31814
EvergreenCartoons/SenselessViolence
Chocapikk/CVE-2022-31814
drcayber/RCE
SystemVll/CVE-2022-31814
dkstar11q/CVE-2022-31814
TheUnknownSoul/CVE-2022-31814
ArunHAtter/CVE-2022-31814
Madliife0/CVE-2022-31814
rapid7/metasploit-framework

References

docs.netgate.com/pfsense/en/latest/packages/pfblocker.html
www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/
packetstormsecurity.com/files/168743/pfSense-pfBlockerNG-2.1.4_26-Shell-Upload…
packetstormsecurity.com/files/171123/pfBlockerNG-2.1.4_26-Remote-Code-Execution…
github.com/pfsense/FreeBSD-ports/pull/1169
github.com/pfsense/FreeBSD-ports/pull/1169/commits/071bdcf2d918c3e51cde11cf81fb…

Frequently asked questions

What is CVE-2022-31814?: CVE-2022-31814 is a vulnerability in N/a. Published 2022-09-05.
Is CVE-2022-31814 known to be exploited?: 28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.