nvd  NVD:CVE-2023-27100
History: Mar 22, 2023 - 11:15 p.m.

CVE-2023-27100

2023-03-22 23:15:12
CWE-307
web.nvd.nist.gov
3
cve-2023-27100
netgate pfsense
sshguard
brute force protection
web requests

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.6
Confidence: High

EPSS: 0.003
Percentile: 68.5%

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.

Affected configurations

Nvd
Node
netgate pfsense_plus Match 22.05.1
OR
pfsense pfsense Match 2.6.0 community

Vendor   Product       Version  CPE
netgate  pfsense_plus  22.05.1  cpe:2.3:a:netgate:pfsense_plus:22.05.1:*:*:*:*:*:*:*
pfsense  pfsense       2.6.0    cpe:2.3:a:pfsense:pfsense:2.6.0:*:*:*:community:*:*:*
