Is CVE-2018-4021 actively exploited?

CVE-2018-4021 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-4021?

CVE-2018-4021 has a CVSS score of 7.2 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2018-4021?

Patch guidance is available from netgate security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-4021.

Fix CVE-2018-4021 - HIGH netgate pfsense

Description

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: high
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-78 · OS Command Injection

Metadata

Primary Vendor: NETGATE
Published: 12/3/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2018-4021

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary