VIR Vulnerability Intelligence Relay

CVE-2014-4691

medium
Published 2014-07-02 · Modified 2026-05-06
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://pfsense.org/security/advisories/pfSense-SA-14_12.webgui.asc

Application impact
VendorProductVersionsFixed
netgatepfsense{"endIncluding":"2.1.3"}

References

Verify integrity in audit chain (admin only). AS-IS.