CVE-2023-27100

Опубликовано: 22 мар. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.

Ссылки

http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html
https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc
Vendor Advisory
https://redmine.pfsense.org/issues/13574
Issue Tracking
Patch
Vendor Advisory
http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html
https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc
Vendor Advisory
https://redmine.pfsense.org/issues/13574
Issue Tracking
Patch
Vendor Advisory
https://packetstorm.news/files/id/171791

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netgate:pfsense_plus:22.05.1:*:*:*:*:*:*:*

cpe:2.3:a:pfsense:pfsense:2.6.0:*:*:*:community:*:*:*

EPSS

Процентиль: 85%

0.02577

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-307

Связанные уязвимости

GHSA-wmh3-5pfq-qpp8