CVE-2018-20799
First published: Fri Mar 01 2019(Updated: )
In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgate pfSense | =2.4.4-p1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-20799.
What is the severity level of CVE-2018-20799?
The severity level of CVE-2018-20799 is high (7.5).
What is the affected software for CVE-2018-20799?
The affected software for CVE-2018-20799 is pfSense 2.4.4_1.
What is the behavior inconsistency in pfSense 2.4.4_1 related to CVE-2018-20799?
The blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication in pfSense 2.4.4_1.
Is there any additional reference for CVE-2018-20799?
Yes, you can find additional reference for CVE-2018-20799 at: https://redmine.pfsense.org/issues/9223
- collector/nvd-index
- vendor/netgate
- canonical/netgate pfsense
- version/netgate pfsense/2.4.4-p1