Inconsistency in Access Restrictions in pfSense by Netgate
CVE-2018-20799

7.5HIGH

Key Information:

Vendor: Netgate
Status: Pfsense
Vendor: CVE Published:; 1 March 2019

What is CVE-2018-20799?

In pfSense version 2.4.4_1, there is an inconsistency in the management of blocking source IP addresses based on failed HTTPS authentication compared to failed SSH authentication. This discrepancy does not align with the behavior outlined in the sshguard documentation, potentially allowing attackers to exploit this inconsistency and bypass the intended access restrictions set within the system.

References

https://redmine.pfsense.org/issues/9223

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2019
Vulnerability Reserved
Mar 1, 2019