Vulnerability Information
Vulnerability Title
BullWall Server Intrusion Protection (SIP) initialization race condition
Vulnerability Description
BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP MFA. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also be affected. BullWall plans to improve detection method documentation.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Time-of-check Time-of-use (TOCTOU) Race Condition
Vulnerability Title
BullWall Server Intrusion Protection security vulnerability
Vulnerability Description
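BullWall Server Intrusion Protection is server security software from the Danish company BullWall. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 of BullWall Server Intrusion Protection contain a security vulnerability that stems from an improper service initialization order and may allow a privileged attacker to bypass MFA.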
CVSS Information
N/A
Vulnerability Type
N/A