#VU36084 Security Features in pfSense - CVE-2018-20798

 


Published: March 1, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU36084
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-20798
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
pfSense
Software vendor:
Rubicon Communications

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions.


Remediation

Install the update from the vendor's website.
