Vulnerabilities > Pfsense > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-09 | CVE-2023-29975 | Improper Authentication vulnerability in Pfsense 2.6.0 An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. | 7.2 |
2012-01-03 | CVE-2011-4197 | Permissions, Privileges, and Access Controls vulnerability in Pfsense etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key. | 7.5 |