Vulnerability Advisory for pfSense

11 Mar 2019

No Comments

716

Advisory ID: BGD-2019-0003

Version: 1.00

Probability: medium

CVE ID: CVE-2018-20799

Damage: low

Publication date: 2019-03-11

Description: In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.

Impact: f failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.

Platform(s) affected:

Debian Linux
Huawei 5710EI Firmware

Mitigation: or now, and as a minimal workaround, i suggest to remove or comments crontabs lines : that solve many problems and make sshguard works as expected

Reference URL’s:

BGD-2019-0003

info@cirt.gov.bd

+88-02-550071 83-86

Vulnerability Advisory for pfSense

by taranis

11 Mar 2019

in Advisories Test

No Comments

716

taranis

Recommended Posts

Cisco IOS XE Software Local Command Injection Vulnerability

Cisco Small Business RV320 and RV325 Routers CVE-2019-1828 Weak Encryption Security Weakness

Cisco FXOS and NX-OS System Software Multiple Denial of Service Vulnerabilities

Subscribe here

Important links

MEMBER OF: