CVE-2023-27100

EPSS 3.45%
Published 22.03.2023 23:15:12
Last modified 25.02.2025 22:15:14
Source cve@mitre.org
Teams watchlist Login
Open Login

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Netgate ≫ Pfsense Plus Version22.05.1

Pfsense ≫ Pfsense Version2.6.0 SwEditioncommunity

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.45%	0.871

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html

https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc

Vendor Advisory

https://redmine.pfsense.org/issues/13574

Patch

Vendor Advisory

Issue Tracking

https://packetstorm.news/files/id/171791

https://nvd.nist.gov/vuln/detail/CVE-2023-27100

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27100

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27100

EUVD