Published: 2019-08-21 | Updated: 2019-08-21
Severity
Medium
Patch available
YES
Number of vulnerabilities
5
CVE ID
CVE-2019-5611, CVE-2019-5612, CVE-2019-5603
CWE ID
CWE-20, CWE-399, CWE-125, CWE-264
Exploitation vector
Network
Public exploit
N/A
Vulnerable software
FreeBSD
Vendor
FreeBSD Foundation
Security Advisory
1) Input validation error
Severity: Medium
CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID: CWE-20 - Improper Input Validation
Description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to incompatibility of firewall rules created with older versions of the ipfw(8) utility that support the jail keyword. As a result, rules with the jail keyword are not applied, which can lead to unauthorized access to services protected by the firewall rules.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
FreeBSD: 11.3
CPE
External links
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:17.ipfw.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.