CVE-2024-57273: n/a in n/a

Medium
Published: Wed May 14 2025 (05/14/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized "reason" field and a derivable device key generated from the public SSH key.

AI-Powered Analysis

Last updated: 07/04/2025, 12:25:33 UTC

Technical Analysis

CVE-2024-57273 is a medium-severity vulnerability affecting Netgate pfSense CE versions prior to the 2.8.0 beta release and corresponding Plus builds. The vulnerability is a Cross-site Scripting (XSS) flaw located in the Automatic Configuration Backup (ACB) service. Specifically, the issue arises due to improper sanitization of the "reason" field, which is user-controllable input. Additionally, the vulnerability leverages a derivable device key generated from the public SSH key, which can be used by remote attackers to exploit the flaw. Successful exploitation allows an attacker to execute arbitrary JavaScript code within the context of the victim's browser session. This can lead to unauthorized deletion of backups stored by the ACB service or leakage of sensitive information. The vulnerability requires low attack complexity (AC:L) and network access (AV:N), but does require privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the vulnerable component. The confidentiality and integrity impacts are low, while availability is not affected. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation), a common XSS weakness. The vulnerability was reserved in January 2025 and published in May 2025, indicating recent discovery and disclosure.

Potential Impact

For European organizations using Netgate pfSense CE or Plus builds, this vulnerability poses a moderate risk. pfSense is widely used in enterprise and governmental networks as a firewall and routing platform, often protecting critical infrastructure and sensitive data. Exploitation could allow attackers to execute malicious scripts in administrative interfaces, potentially leading to unauthorized deletion of backup configurations or exposure of sensitive network configuration data. This could disrupt network management, complicate incident response, and increase the risk of further compromise. Given the requirement for some privilege and user interaction, the risk is somewhat mitigated but still significant in environments where administrative users may be targeted via phishing or social engineering. The confidentiality breach could expose network topology or credentials, aiding attackers in lateral movement. The integrity impact could undermine trust in backup data, complicating recovery efforts. While availability is not directly impacted, the indirect effects on operational continuity could be substantial. European organizations with strict data protection regulations (e.g., GDPR) must consider the potential for data leakage and ensure compliance in incident handling.

Mitigation Recommendations

To mitigate CVE-2024-57273, European organizations should:

1) Immediately upgrade pfSense CE and Plus builds to version 2.8.0 beta or later once officially released and verified stable, as this version addresses the vulnerability.
2) Until patches are applied, restrict access to the Automatic Configuration Backup service interface to trusted administrative networks only, using network segmentation and firewall rules to limit exposure.
3) Implement strict input validation and sanitization controls on any custom integrations or scripts interacting with the ACB service, if applicable.
4) Educate administrative users on phishing and social engineering risks to reduce the likelihood of user interaction exploitation.
5) Monitor logs and network traffic for unusual activity related to the ACB service, including unexpected backup deletions or access patterns.
6) Consider disabling the Automatic Configuration Backup service temporarily if it is not essential, to eliminate the attack surface.
7) Employ Content Security Policy (CSP) headers and other browser security mechanisms to mitigate the impact of potential XSS attacks.
8) Conduct regular security assessments and penetration testing focused on web interface vulnerabilities to detect similar issues proactively.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-01-09T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f71484d88663aeb06d

Added to database: 5/20/2025, 6:59:03 PM

Last enriched: 7/4/2025, 12:25:33 PM

Last updated: 8/17/2025, 11:53:33 AM
