SecBoard
Zurück zur CVE-Übersicht

CVE-2025-34173

MEDIUM(4.3)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Risk Signal Score11/100 — NIEDRIG
  • CVSS 4.3 — Mittel

EPSS-Score

1%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

4.3

Technische Schwere

Beschreibung

In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions.

Referenzen