Skip to main content

Freeradius CVE-2015-4680

HIGH
Improper Certificate Validation (CWE-295)
2017-04-05 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 05, 2017 - 17:59 cve.org
HIGH 7.5

DescriptionCVE.org

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

AnalysisAI

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-295. FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. Affected products include: Freeradius, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit. Version information: before 2.2.8.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-10979 CRITICAL
9.8 Jul 17

An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attack

CVE-2024-3596 CRITICAL
9.0 Jul 09

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (

CVE-2017-10984 CRITICAL
9.8 Jul 17

An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attac

CVE-2014-2015 HIGH POC
7.5 Nov 02

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x,

CVE-2019-10143 HIGH POC
7.0 May 24

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local

CVE-2019-13456 MEDIUM POC
6.5 Dec 03

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element canno

CVE-2017-9148 CRITICAL
9.8 May 29

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before

CVE-2019-11235 CRITICAL
9.8 Apr 22

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that

CVE-2019-11234 CRITICAL
9.8 Apr 22

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a si

CVE-2012-3547 MEDIUM
6.8 Sep 18

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP m

CVE-2015-8763 HIGH
8.1 Mar 27

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1)

CVE-2015-8764 HIGH
8.1 Mar 27

Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. Rated high sev

Share

CVE-2015-4680 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy