CRITICAL🇬🇧 English

CVE-2023-27100

CVSS 9.8v3.1pub. 2023-03-22upd. 2025-02-25

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgate Pfsense Plus

    APP
    Netgate
    22.05.1
  • Pfsense

    APP
    Pfsense
    2.6.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-69691CRITICAL9.9PL ✓ten sam produkt

Netgate pfSense CE 2.8.0 — RCE przez XMLRPC API (pfsense.exec_php)

CVE-2025-69690CRITICAL9.1PL ✓ten sam produkt

pfSense CE 2.7.2 — RCE przez deserializację PHP w instalatorze modułów

CVE-2023-29974CRITICAL9.8ten sam produkt

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password...

CVE-2024-54780HIGH8.8ten sam produkt

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injec...

CVE-2023-48123HIGH8.8ten sam produkt

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execu...