Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-19678

Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.

Published

2023-04-06T18:15:08.210

Last Modified

2025-02-12T16:15:31.977

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-22
Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oisf	suricata	1.4.6	Yes
Application	pfsense	pfsense	2.1.3	Yes
Application	pfsense	suricata_package	1.0.1	Yes

References

http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html Broken Link ([email protected])
https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3 Patch ([email protected])
https://pastebin.com/8dj59053 Exploit, Third Party Advisory ([email protected])
http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://pastebin.com/8dj59053 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)