Vulnerability in Netgate Pfsense_plus
CVE-2023-27100
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web reque…
EPSS: 0.098 (95.0th percentile).
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Netgate Pfsense_plus — versions 22.05.1
- Pfsense — versions 2.6.0
Frequently asked questions
- What is CVE-2023-27100?
- CVE-2023-27100 is a critical-severity vulnerability in Netgate Pfsense_plus, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 9.8/10. Published 2023-03-22.
- How severe is CVE-2023-27100?
- Critical severity. CVSS v3 base score is 9.8 out of 10.
- Is CVE-2023-27100 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.