More than 92% of internet-exposed instances of the pfSense open-source firewall and router software could be compromised to achieve remote code execution by chaining the reflective XSS vulnerabilities, tracked as CVE-2023-42325 and CVE-2023-42327, as well as the command injection bug, tracked as CVE-2023-42326, all of which have already been addressed by Netgate, according to BleepingComputer.
Article Link: RCE attacks could impact most internet-exposed pfSense instances | SC Media