CVE-2023-27100
First published: Wed Mar 22 2023(Updated: )
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgate pfSense Plus | =22.05.1 | |
| pfSense pfSense | =2.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID is CVE-2023-27100.
What is the title of this vulnerability?
The title of this vulnerability is "Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0."
What is the severity of CVE-2023-27100?
The severity of CVE-2023-27100 is critical with a CVSS score of 9.8.
Which software versions are affected by this vulnerability?
Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 are affected by this vulnerability.
How can attackers bypass the brute force protection mechanisms?
Attackers can bypass the brute force protection mechanisms by using crafted web requests.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/netgate
- canonical/netgate pfsense plus
- version/netgate pfsense plus/22.05.1
- vendor/pfsense
- canonical/pfsense pfsense
- version/pfsense pfsense/2.6.0