
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-48123 affects Netgate pfSense Plus v.23.05.1 and earlier versions, as well as pfSense CE v.2.7.0. The vulnerability allows a remote attacker with authentication to execute arbitrary code via a crafted request to the packetcapture.php file. The issue was discovered by joint researchers (Byeongcheol Choi, Jinyong Lee, PWNLAB@KHU) and was disclosed on October 31, 2023 ([Vendor Advisory](https://docs.netgate.com/downloads/pfSense-SA-2311.webgui.asc)).
The vulnerability exists in the packet_capture.php component of the pfSense WebGUI. The issue stems from insufficient validation of the 'count' and 'length' POST parameters when performing a packet capture. These values are directly used in shell commands without proper escaping, allowing for command injection. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).
Due to the lack of proper command escaping, an authenticated attacker can execute arbitrary commands on the system by submitting specially crafted values for the 'count' or 'length' parameters in POST operations. The attacker must have sufficient privileges to access the packetcapture.php page ([Vendor Advisory](https://docs.netgate.com/downloads/pfSense-SA-2311.webgui.asc)).
Users can upgrade to pfSense Plus software version 23.09 or later, or pfSense CE software version 2.7.1 or later. For users unable to upgrade immediately, temporary mitigations include limiting access to the affected pages to trusted administrators only and avoiding logging into the firewall with the same browser used for non-administrative web browsing. The fix can also be applied through the System Patches package (Vendor Advisory).
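The flaw class described above, numeric request values such as 'count' and 'length' reaching a shell command without validation or escaping, is shown here next to a hardened form. This is an added example, not pfSense source code or the vendor's patch; the function names, the numeric bounds, and the exact tcpdump invocation are assumptions made for illustration.

```php
<?php
// Added illustration, not pfSense source. Function names, bounds and the
// exact tcpdump invocation are assumptions made for this example.

// Pattern the advisory describes: request values placed in a shell string as-is.
function build_cmd_unsafe(array $post): string
{
    return "/usr/sbin/tcpdump -c {$post['count']} -s {$post['length']}";
}

// Accept only a plain decimal string inside [$min, $max]; anything else is null.
function strict_int($raw, int $min, int $max): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null; // arrays, signs, spaces and shell metacharacters end here
    }
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v; // out of range or overflow
}

// Hardened form: validate first, then quote each argument anyway.
function build_cmd_safe(array $post): ?string
{
    $count  = strict_int($post['count']  ?? null, 1, 1000000); // assumed bounds
    $length = strict_int($post['length'] ?? null, 0, 65535);   // assumed bounds
    if ($count === null || $length === null) {
        return null; // caller should reject the request, not run anything
    }
    return '/usr/sbin/tcpdump'
        . ' -c ' . escapeshellarg((string) $count)
        . ' -s ' . escapeshellarg((string) $length);
}

// Constructed sample inputs.
$samples = [
    ['count' => '100',  'length' => '0'],
    ['count' => '10;x', 'length' => '0'],     // metacharacter in count
    ['count' => '100',  'length' => '-1'],    // sign not allowed
    ['count' => ['100'], 'length' => '0'],    // array instead of scalar
];
foreach ($samples as $post) {
    $cmd = build_cmd_safe($post);
    echo json_encode($post), ' => ', $cmd ?? 'REJECTED', PHP_EOL;
}
```

Only the first sample yields a command; the other three are rejected before any shell string is built.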
Source: This report was generated using AI