BullWall Server Intrusion Protection Initialization Race Condition Vulnerability Allowing MFA Bypass
Vulnerability
A vulnerability exists in BullWall Server Intrusion Protection (SIP) due to a race condition in the initialization process. The SIP services are started after the login services, so an authenticated attacker with administrative rights can log in in the window after the system has booted but before SIP has initialized, and thereby bypass multi-factor authentication (MFA). Once SIP does start, it neither retroactively applies the authentication challenge to sessions established during that window nor terminates those unauthenticated sessions. This issue has been confirmed in BullWall Server Intrusion Protection versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4; other versions may also be affected.
Impact
Exploitation of this vulnerability allows for unauthorized access by bypassing multi-factor authentication, potentially leading to unauthorized actions within the application.
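The following is an added illustration, not BullWall's code: a small model of the initialization race described above, with the two failure modes the advisory names (an MFA gate that starts after the login service, and a gate that does not revisit sessions created before it came up) beside the retroactive-enforcement behaviour a hardened gate would have. All class names, timestamps and the MFA code are constructed for the example.

```python
"""Model of an MFA gate that starts after the login service (hypothetical
names; not BullWall code). retroactive=False mirrors the reported behaviour,
retroactive=True shows a gate that terminates sessions created before it ran."""
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    created_at: int          # constructed boot-relative timestamp (seconds)
    mfa_verified: bool = False
    active: bool = True


class SessionTable:
    """Sessions issued by the login service; shared with the MFA gate."""
    def __init__(self):
        self.sessions = []   # list of Session

    def active(self):
        return [s for s in self.sessions if s.active]


class LoginService:
    """Starts first at boot. It only consults the MFA gate if the gate is
    already running; before that it issues a session with no challenge."""
    def __init__(self, table, gate):
        self.table, self.gate = table, gate

    def login(self, user, now, mfa_code=None):
        sess = Session(user=user, created_at=now)
        if self.gate.running:
            sess.mfa_verified = self.gate.challenge(user, mfa_code)
            sess.active = sess.mfa_verified
        self.table.sessions.append(sess)
        return sess


class MfaGate:
    """Starts after the login service. With retroactive=False, sessions that
    already exist at start() are left untouched (the reported behaviour).
    With retroactive=True, every active session that never passed a
    challenge is terminated when the gate comes up."""
    def __init__(self, table, retroactive):
        self.table, self.retroactive, self.running = table, retroactive, False

    def challenge(self, user, code):
        # Constructed stand-in for real MFA verification.
        return code == "123456"

    def start(self):
        self.running = True
        terminated = []
        if self.retroactive:
            for s in self.table.active():
                if not s.mfa_verified:
                    s.active = False
                    terminated.append(s)
        return terminated


def simulate_boot(retroactive):
    """Replay the boot timeline: login service up, admin logs in, gate starts,
    then a second login once the gate is running."""
    table = SessionTable()
    gate = MfaGate(table, retroactive)
    login = LoginService(table, gate)
    early = login.login("admin", now=1)            # t=1: gate not yet running
    terminated = gate.start()                      # t=5: gate comes up
    late = login.login("admin", now=6, mfa_code="000000")  # t=6: wrong code
    return {"early_active": early.active, "early_mfa": early.mfa_verified,
            "late_active": late.active, "terminated": len(terminated)}


if __name__ == "__main__":
    print("as reported :", simulate_boot(retroactive=False))
    print("retroactive :", simulate_boot(retroactive=True))
```

In the `retroactive=False` run the early session stays active with `mfa_verified` false, while the later login is correctly refused; in the `retroactive=True` run the same early session is terminated when the gate starts. A complete fix needs both halves: the login service should not accept logins until the MFA gate is up (a start-order dependency), and the gate should still sweep pre-existing sessions on start so a missed ordering guarantee does not leave a window open.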
