21 results (0.004 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. Un problema descubierto en Pfsense CE versión 2.6.0 permite a los atacantes cambiar la contraseña de cualquier usuario sin verificación. • https://www.esecforte.com/cve-2023-29975-unverified-password-changed • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. Un problema descubierto en Pfsense CE versión 2.6.0 permite a los atacantes comprometer cuentas de usuario mediante requisitos de contraseña débiles. • https://www.esecforte.com/cve-2023-29974-weak-password-policy • CWE-521: Weak Password Requirements •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. Pfsense CE versión 2.6.0 es vulnerable a No rate limit, lo que puede llevar a que un atacante cree múltiples usuarios maliciosos en el firewall. • https://www.esecforte.com/cve-2023-29973-no-rate-limit • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. • http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3 https://pastebin.com/8dj59053 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. pfsenseCE version 2.6.0 suffers from an anti-brute force protection bypass vulnerability. • https://www.exploit-db.com/exploits/51352 https://github.com/DarokNET/CVE-2023-27100 https://github.com/fabdotnet/CVE-2023-27100 http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc https://redmine.pfsense.org/issues/13574 • CWE-307: Improper Restriction of Excessive Authentication Attempts •