CVE-2018-20799

Published: Mar 1, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.

Affected (1)

Products: Netgate: Pfsense

Netgate

1 product

Pfsense

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netgate Pfsense	Version 2.4.4 p1

References (2)

https://redmine.pfsense.org/issues/9223

Source: cve@mitre.org

ExploitIssue TrackingPatchVendor Advisory

https://redmine.pfsense.org/issues/9223

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchVendor Advisory

Timeline

No history available yet.