Share
## https://sploitus.com/exploit?id=SAINT:92BF4671B8BA16C90E05B31AAFA9EC03
Added: 12/23/2022  


### Background

[pfSense](<https://www.pfsense.org>) is an open-source network firewall based on the FreeBSD operating system. pfSense is the software which powers [Netgate](<https://www.netgate.com>) Security Gateway Appliances. 

[pfBlockerNG](<https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html>) is a pfSense package which allows creation of firewall rules on the appliance. 

### Problem

A vulnerability in pfSense pfBlockerNG allows remote, unauthenticated attackers to inject arbitrary commands in the Host header of an HTTP request. 

### Resolution

Upgrade to pfSense pfBlockerNG 2.1.4_27 or higher. 

### References

<https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/>