#VU36085 Input validation error in pfSense - CVE-2018-20799
Published: March 1, 2019 / Updated: August 8, 2020
pfSense
Rubicon Communications
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.