  • T1-25–01–S–N–CD
  • pfSense Stored XSS Vulnerability (CVE-2024-46538)

    pfSense Stored XSS Vulnerability (CVE-2024-46538) is a stored cross-site scripting (XSS) vulnerability in the interface group management menu of pfSense version 2.5.2. Because of insufficient input validation, an attacker can inject arbitrary malicious scripts. Exploitation of this XSS may let an attacker exfiltrate an operator's Cross-Site Request Forgery (CSRF) token and use the administrator console to execute arbitrary commands. With that capability, the attacker can install malware on the device, gain control of the firewall, and modify rules to support persistent attacks. Mitigation includes avoiding the vulnerable pfSense version (2.5.2), applying the available patches via pfSense's Patch function, or implementing output encoding (e.g., replacing HTML entities) in the affected source code.

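    As an added example (not code from this dataset page or from pfSense itself), the Python audit below checks the interface-group fields stored in a pfSense-style config.xml for raw HTML metacharacters and shows the entity-encoded form that the mitigation above calls for. The ifgroups/ifgroupentry element names and the sample XML are assumptions modelled on pfSense's config layout, not its documented schema.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample config excerpt (not a real pfSense export). The second
# group's description carries an unencoded tag, which is what the audit flags.
SAMPLE_CONFIG = """<pfsense>
  <ifgroups>
    <ifgroupentry>
      <ifname>LANGROUP</ifname>
      <members>lan opt1</members>
      <descr>Internal segments</descr>
    </ifgroupentry>
    <ifgroupentry>
      <ifname>DMZ</ifname>
      <members>opt2</members>
      <descr>DMZ &lt;script&gt;test()&lt;/script&gt;</descr>
    </ifgroupentry>
  </ifgroups>
</pfsense>"""

# Characters that must never reach an HTML page unencoded.
HTML_METACHARS = frozenset('<>"\'&')
# Assumed field names of an interface-group entry.
GROUP_FIELDS = ("ifname", "members", "descr")


def encode_for_html(value: str) -> str:
    """Entity-encode a stored value before it is placed into HTML output."""
    return html.escape(value, quote=True)


def audit_ifgroups(config_xml: str) -> list[dict]:
    """Return one finding per interface-group field holding raw HTML metacharacters."""
    root = ET.fromstring(config_xml)  # XML entities are decoded here, so '&lt;' becomes '<'
    findings = []
    for entry in root.iter("ifgroupentry"):
        name = entry.findtext("ifname", default="")
        for field in GROUP_FIELDS:
            value = entry.findtext(field, default="")
            if HTML_METACHARS & set(value):
                findings.append({"group": name, "field": field,
                                 "value": value, "encoded": encode_for_html(value)})
    return findings


if __name__ == "__main__":
    for f in audit_ifgroups(SAMPLE_CONFIG):
        print(f"[!] group={f['group']} field={f['field']}: {f['value']!r} -> {f['encoded']}")
```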
  • Environment
              OS           IP                          Software         Log collection time   Program runtime
    Attacker  Windows 11   192.168.56.1                -                30 sec                120 sec
    Victim    -            192.168.56.10 (Internal)    pfSense v2.5.2
                           10.0.2.15 (External)

  • Installation
  • python3 -m venv venv
    .\venv\Scripts\Activate.ps1
    pip install -r requirements.txt

  • Usage
  • Make sure to run Terminal 1 before Terminal 2

    [Terminal 1]
    python3 -m http.server

    [Terminal 2]
    python3 run.py

  • MITRE ATT&CK Framework
  • Attack Tactic: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact

  • Logs
  • ./log/2025_01_T1_{time}.pcap # YYmmdd_HHMMSS

  • Copyright (C) 2024, KAIST Cyber Security Research Center. All Rights Reserved.