PT-2023-22500 · Unknown · Pfsense Ce

Published

2023-11-09

·

Updated

2023-11-16

·

CVE-2023-29975

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Pfsense CE version 2.6.0
Description An issue in Pfsense CE allows attackers to change the password of any user without verification.
Recommendations For Pfsense CE version 2.6.0, update to a newer version that contains a fix for this issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2023-29975

Affected Products

Pfsense Ce