CVE-2023-27100

CVE Database · CVE-2023-27100

CVE-2023-27100

· CRITICALModified

CVSS v3.1

9.8

EPSS

9.84%

Published

Mar 22, 2023

Modified

Feb 25, 2025

Public PoC / Exploit (2)

All weaponized →

Exploit-DBpfsenseCE v2.6.0 - Anti-brute force protection bypass TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-307CWE-307

Affected Products (2)

netgate · pfsense_plusvulnerable

pfsense · pfsensevulnerable

References (7)

http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html

https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc

Vendor Advisory

https://redmine.pfsense.org/issues/13574

Issue TrackingPatchVendor Advisory

http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html

https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc

Vendor Advisory

https://redmine.pfsense.org/issues/13574

Issue TrackingPatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs