Netgate pfSense sshguard Implementation Access Bypass Vulnerability [CVE-2018-20799]

CVE Number – CVE-2018-20799

A vulnerability in Netgate pfSense could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system.The vulnerability is due to inconsistencies related to blocking source IP addresses in connection with HTTPS authentications and failed SSH authentications. An attacker could exploit this vulnerability by attempting to connect via one protocol and then with another protocol. A successful exploit could allow an attacker to bypass intended security access restrictions.Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.Netgate has confirmed this vulnerability and has released updated software.

Analysis

• To successfully exploit this vulnerability, an attacker must have access to the network and the ability to establish a service connection to the targeted system. The attacker would then need to establish another service connection to the targeted system in order to bypass access restrictions. These requirements could reduce the likelihood of a successful exploit.
  

Safeguards

• Administrators are advised to apply the appropriate updates.Administrators are advised to allow only trusted users to have network access.Administrators are advised to run both firewall and antivirus applications to minimize the potential of inbound and outbound threats.Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.Administrators can help protect affected systems from external attacks by using a solid firewall strategy.Administrators are advised to monitor affected systems.

Vendor Announcements

• Netgate has addressed this vulnerability in a security issue at the following link: 9223
  

Fixed Software

• Netgate has released a patch at the following link: sshguad_by_service_filtering.patch