Vulnerabilities > CVE-2018-20799 - Unspecified vulnerability in Netgate Pfsense 2.4.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

netgate

NVD

Published: 2019-03-01

Updated: 2019-10-03

Summary

In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.

Vulnerable Configurations

Part	Description	Count
Application	Netgate Netgate Pfsense 2.4.4	1

References

https://redmine.pfsense.org/issues/9223