Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetgate Pfsense Plus
APPNetgate22.05.1Pfsense
APPPfsense2.6.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Referencje
Powiązane podatności
CVE-2025-69691CRITICAL9.9PL ✓ten sam produkt
Netgate pfSense CE 2.8.0 — RCE przez XMLRPC API (pfsense.exec_php)
CVE-2025-69690CRITICAL9.1PL ✓ten sam produkt
pfSense CE 2.7.2 — RCE przez deserializację PHP w instalatorze modułów
CVE-2023-29974CRITICAL9.8ten sam produkt
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password...
CVE-2024-54780HIGH8.8ten sam produkt
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injec...
CVE-2023-48123HIGH8.8ten sam produkt
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execu...