Access Restriction Bypass in pfSense by Netgate
CVE-2018-20798

7.5HIGH

Key Information:

Vendor: Netgate
Status: Pfsense
Vendor: CVE Published:; 1 March 2019

What is CVE-2018-20798?

The expiretable configuration in pfSense version 2.4.4_1 has been found to establish block durations that are not aligned with those established by sshguard. This misconfiguration can lead to scenarios where attackers might find it easier to circumvent intended access controls, potentially exposing the system to unauthorized access.

References

https://redmine.pfsense.org/issues/9223

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2019
Vulnerability Reserved
Mar 1, 2019