CVE-2023-27100

CRITICAL

Netgate pfSense Plus <v22.05.1 - Auth Bypass


Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-27100. PoCs published by FabDotNET, DarokNET, and fabdotnet.

AI-analyzed exploit summary: This exploit bypasses the anti-brute force protection in pfSense CE <= 2.6.0 by manipulating the X-Forwarded-For header to avoid IP-based rate limiting. It performs a credential brute-force attack using provided username and password lists.

Description

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.

Exploits (3)

exploitdb WORKING POC
by FabDotNET · pythonremotehardware
https://www.exploit-db.com/exploits/51352

Classification: Working PoC (95%)
Attack type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: pfSense CE <= 2.6.0
Authentication: No auth needed
Prerequisites: Network access to the pfSense web interface · Username and password lists for brute-forcing
Analyzed by devstral-2 on Feb 16, 2026
nomisec WORKING POC 2 stars
by DarokNET · poc
https://github.com/DarokNET/CVE-2023-27100

The repository contains a functional Python script that exploits CVE-2023-27100, an anti-brute force protection bypass in pfSense CE <= 2.6.0. The exploit leverages the 'X-Forwarded-For' header to bypass authentication rate limits and performs a credential brute-force attack.

Classification: Working PoC (95%)
Attack type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: pfSense CE <= 2.6.0
Authentication: No auth needed
Prerequisites: Access to the pfSense login page · Username and password dictionaries
Analyzed by devstral-2 on Feb 18, 2026
nomisec WORKING POC
by fabdotnet · poc
https://github.com/fabdotnet/CVE-2023-27100

This repository contains a functional Python script that exploits CVE-2023-27100, an anti-brute force protection bypass in pfSense CE <= 2.6.0. The exploit leverages the 'X-Forwarded-For' header to bypass authentication rate limits and performs a credential brute-force attack.

Classification: Working PoC (95%)
Attack type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: pfSense CE <= 2.6.0
Authentication: No auth needed
Prerequisites: Network access to the pfSense web interface · Valid username and password lists for brute-forcing
Analyzed by devstral-2 on Feb 18, 2026

Scores

CVSS v3: 9.8
EPSS: 0.0984
EPSS percentile: 94.9%
Attack vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: yes
Technical impact: total

Details

CWE: CWE-307
Status: published
Products (2):
netgate/pfsense_plus 22.05.1
pfsense/pfsense 2.6.0
Published: Mar 22, 2023
Tracked since: Feb 18, 2026