CVE-2018-20798Incorrect Permission Assignment in Pfsense

CWE-732Incorrect Permission Assignment2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 62.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgate Pfsense
Timeline
PublishedMar 1
Latest updateMay 13

Description

The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDnetgate/pfsense2.4.4

Patches

Patch: redmine.pfsense.orgPatch: redmine.pfsense.org

🔴Vulnerability Details

1
GHSA
GHSA-pjhq-f4xq-m288: The expiretable configuration in pfSense 22022-05-13
CVE-2018-20798 — Incorrect Permission Assignment | cvebase