CVE-2023-27100
Summary
| CVE | CVE-2023-27100 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-22 23:15:00 UTC |
| Updated | 2023-04-10 20:15:00 UTC |
| Description | Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. |
Risk And Classification
Problem Types: CWE-307
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Netgate | pfSense Plus | 22.05.1 | All | All | All |
| Application | pfSense | pfSense | 2.6.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc | MISC | docs.netgate.com | |
| Bug #13574: Extra remote address information can confuse ``sshguard`` - pfSense - pfSense bugtracker | MISC | redmine.pfsense.org | |
| pfsenseCE 2.6.0 Protection Bypass ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.