Skip to main content

Jss Cryptomanager CVE-2019-14823

HIGH
Improperly Implemented Security Check for Standard (CWE-358)
2019-10-14 secalert@redhat.com
7.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 14, 2019 - 20:15 nvd
HIGH 7.4

DescriptionNVD

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

AnalysisAI

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-358. A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle. Affected products include: Jss Cryptomanager Project Jss Cryptomanager, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2019-14823 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy