PT-2023-20955 · Netgate · Pfsense Ce+1

Fabien Maisonnette · Published 2023-03-22 · Updated 2025-02-25 · CVE-2023-27100

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
pfSense Plus software version 22.05.1
pfSense CE software version 2.6.0

Description
The issue is related to improper restriction of excessive authentication attempts in the SSHGuard component, allowing attackers to bypass brute force protection mechanisms via crafted web requests.

Recommendations
For pfSense Plus software version 22.05.1, update to a version that includes a fix for this issue. For pfSense CE software version 2.6.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the SSHGuard component to minimize the risk of exploitation.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts


Weakness Enumeration

Related identifiers

CVE-2023-27100

Affected products

Pfsense Ce
Pfsense Plus