pfSense CE Suricata Package File Enumeration Vulnerability in IP Reputation Management

Vulnerability

A file enumeration vulnerability has been identified in the Suricata package for pfSense CE. The issue arises in the 'suricata_ip_reputation.php' file, where the 'iplist' parameter is not properly sanitized to remove directory traversal characters before being used in a file existence check. Although the contents of the file cannot be accessed, the server discloses whether the file exists, allowing an authenticated attacker with 'WebCfg - Services: Suricata package' permissions to enumerate files on the system.
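The pattern the advisory describes, shown as an added PHP example that is not the pfSense Suricata package's own code: a user-supplied list name is joined to a directory and handed to file_exists() without removing traversal sequences, so the yes/no answer leaks whether any path on the system exists. The hardened version beside it rejects names carrying a directory component, restricts the character set, and confirms the resolved path still lies inside the list directory. IPLIST_DIR is a labelled placeholder, not the package's real path, and the function names are assumptions for this illustration.

```php
<?php
// Added example, not code from the pfSense Suricata package.
// Directory holding IP reputation list files: a placeholder, not the real path.
const IPLIST_DIR = '/PLACEHOLDER/iplists';

// Vulnerable pattern as the advisory describes it: the raw 'iplist' value is
// appended to the directory and checked with file_exists(). A value such as
// "../../some/path" escapes IPLIST_DIR, and the true/false result tells the
// caller whether that path exists even though its contents are never read.
function iplist_exists_vulnerable(string $iplist): bool
{
    return file_exists(IPLIST_DIR . '/' . $iplist);
}

// Hardened version: accept only a bare file name drawn from a conservative
// character set, then verify the resolved path is inside IPLIST_DIR before
// the filesystem is consulted at all.
function iplist_exists_hardened(string $iplist): bool
{
    // Reject outright, rather than silently remapping, any value that carries
    // a directory component (basename() would strip "../" but the caller is
    // clearly not asking for a list in this directory).
    if ($iplist === '' || basename($iplist) !== $iplist) {
        return false;
    }
    // Refuse the dot entries and anything outside a simple name charset.
    if ($iplist === '.' || $iplist === '..' ||
        !preg_match('/^[A-Za-z0-9._-]+$/', $iplist)) {
        return false;
    }

    $base = realpath(IPLIST_DIR);
    if ($base === false) {
        return false; // list directory itself is absent: answer "no" uniformly
    }

    // realpath() follows symlinks, so a link inside the directory that points
    // elsewhere resolves to its target and fails the containment check below.
    $path = realpath($base . DIRECTORY_SEPARATOR . $iplist);
    if ($path === false) {
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 && is_file($path);
}

// How a request handler would use the hardened check; the response wording
// is the same whether the name was rejected or the file is simply absent.
function handle_iplist_request(array $get): string
{
    $iplist = (string)($get['iplist'] ?? '');
    return iplist_exists_hardened($iplist)
        ? "IP list '{$iplist}' is present."
        : "No such IP list.";
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs for a quick local run.
    foreach (['blocklist.txt', '../../etc/passwd', '..', 'a;b'] as $candidate) {
        printf("%-20s hardened=%s\n", $candidate,
            iplist_exists_hardened($candidate) ? 'true' : 'false');
    }
}
```

The containment check is kept even after the name validation: validation stops traversal characters at the input, while the realpath comparison also catches a symlink planted inside the directory that resolves elsewhere, so the two layers fail independently.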

Impact

Exploitation of this vulnerability could lead to unauthorized file enumeration on the server.

Reproduction

To reproduce this vulnerability, an authenticated user with 'WebCfg - Services: Suricata package' permissions can send a request to 'suricata_ip_reputation.php' with a crafted 'iplist' parameter that includes directory traversal sequences. The server's response will indicate whether the specified file exists, thereby facilitating file enumeration.

Remediation

Users can update to the latest version of the pfSense Suricata package, which addresses this vulnerability.

Added: Sep 9, 2025, 9:35 PM
Updated: Sep 9, 2025, 9:35 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.0
exploitability: 5.9
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.