CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20799

In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.4%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://redmine.pfsense.org/issues/9223
https://redmine.pfsense.org/issues/9223

Products affected by CVE-2018-20799

Netgate » Pfsense » Version: 2.4.4

cpe:2.3:a:netgate:pfsense:2.4.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20799

Products

Pricing

Contact Us