Vulnerabilities > Pfsense > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-09 CVE-2023-29975 Improper Authentication vulnerability in Pfsense 2.6.0
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
network
low complexity
pfsense CWE-287
7.2
2012-01-03 CVE-2011-4197 Permissions, Privileges, and Access Controls vulnerability in Pfsense
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.
network
low complexity
pfsense CWE-264
7.5