CVE-2018-20799Pfsense vulnerability

2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 54.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgate Pfsense
Timeline
PublishedMar 1
Latest updateMay 13

Description

In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDnetgate/pfsense2.4.4

Patches

Patch: redmine.pfsense.orgPatch: redmine.pfsense.org

🔴Vulnerability Details

1
GHSA
GHSA-556r-ph87-2m55: In pfSense 22022-05-13
CVE-2018-20799 — Netgate Pfsense vulnerability | cvebase