What is CVE-2022-40624?

CVE-2022-40624 is a vulnerability in N/a. Published 2022-12-20.

Is CVE-2022-40624 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-40624

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.

EPSS: 0.847 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

dhammon/pfBlockerNg-CVE-2022-40624
ARPSyndicate/cvemon
cyb3r-w0lf/nuclei-template-collection
k0mi-tg/CVE-POC
20142995/nuclei-templates
nomi-sec/PoC-in-GitHub
whoforget/CVE-POC
youwizard/CVE-POC
manas3c/CVE-POC

References

docs.netgate.com/pfsense/en/latest/packages/pfblocker.html
github.com/dhammon/pfBlockerNg-RCE
github.com/dhammon/pfBlockerNg-CVE-2022-40624

Frequently asked questions

What is CVE-2022-40624?: CVE-2022-40624 is a vulnerability in N/a. Published 2022-12-20.
Is CVE-2022-40624 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.