CVE-2023-29975
https://notcve.org/view.php?id=CVE-2023-29975
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. Un problema descubierto en Pfsense CE versión 2.6.0 permite a los atacantes cambiar la contraseña de cualquier usuario sin verificación. • https://www.esecforte.com/cve-2023-29975-unverified-password-changed • CWE-287: Improper Authentication •
CVE-2023-29974
https://notcve.org/view.php?id=CVE-2023-29974
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. Un problema descubierto en Pfsense CE versión 2.6.0 permite a los atacantes comprometer cuentas de usuario mediante requisitos de contraseña débiles. • https://www.esecforte.com/cve-2023-29974-weak-password-policy • CWE-521: Weak Password Requirements •
CVE-2023-29973
https://notcve.org/view.php?id=CVE-2023-29973
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. Pfsense CE versión 2.6.0 es vulnerable a No rate limit, lo que puede llevar a que un atacante cree múltiples usuarios maliciosos en el firewall. • https://www.esecforte.com/cve-2023-29973-no-rate-limit • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-19678
https://notcve.org/view.php?id=CVE-2020-19678
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. • http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3 https://pastebin.com/8dj59053 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-27100 – pfsenseCE v2.6.0 - Anti-brute force protection bypass
https://notcve.org/view.php?id=CVE-2023-27100
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. pfsenseCE version 2.6.0 suffers from an anti-brute force protection bypass vulnerability. • https://www.exploit-db.com/exploits/51352 https://github.com/DarokNET/CVE-2023-27100 https://github.com/fabdotnet/CVE-2023-27100 http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc https://redmine.pfsense.org/issues/13574 • CWE-307: Improper Restriction of Excessive Authentication Attempts •