CVE-2020-25580

MEDIUM

FreeBSD - Privilege Escalation

Title source: llm

Description

In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored.

References (2)

[Vendor Advisory] https://security.FreeBSD.org/advisories/FreeBSD-SA-21:03.pam_login_access.asc

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210423-0005/

Scores

CVSS v3 5.3

EPSS 0.0024

EPSS Percentile 47.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-697

Status published

Products (2)

freebsd/freebsd 11.4 (8 CPE variants)

freebsd/freebsd 12.2 (4 CPE variants)

Published Mar 26, 2021

Tracked Since Feb 18, 2026