CVE-2023-27100
Published 2023-03-22
Priority: P2 · 69
Severity: critical (CVSS 3.1 base score 9.8)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: yes (see references)
EPSS: 9.84% (95.0th percentile)
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgate | pfsense_plus | — | — |
| pfsense | pfsense | — | — |
Detection & IOCs (extracted from sources)
- Detect brute-force login attempts against the pfSense web interface that bypass SSHGuard protections: look for high-frequency POST requests to the pfSense login page from a single source IP that would normally trigger a lockout but do not result in a block.
- Hunt for automated credential stuffing or dictionary-attack traffic targeting pfSense login pages; the exploit accepts username and password wordlists and iterates all combinations, generating sequential login attempts in rapid succession.
- Use the Google dork 'intitle:"pfSense - Login"' to identify exposed pfSense login pages that may be targeted by this exploit.
- Note: the vulnerability affects pfSense CE v2.6.0 and pfSense Plus v22.05.1 specifically; the SSHGuard brute-force protection bypass is triggered via crafted web requests, meaning network-layer or host-based rate limiting alone may not be sufficient to block exploitation.
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html
- https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc
- https://redmine.pfsense.org/issues/13574
- https://packetstorm.news/files/id/171791