VYPR
Unrated severityNVD Advisory· Published May 14, 2025· Updated May 20, 2025

CVE-2024-54780

CVE-2024-54780

Description

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Netgate/Pfsensecpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <2.8.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.