CVE-2015-4680 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Freeradius	Freeradius	3.0.0
Suse	Linux Enterprise Server	12
Suse	Linux Enterprise Software Development Kit	12

Related Weaknesses (CWE)

CWE-295

References

http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.htmlThird Party Advisory
http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-ApplicatPatchThird Party AdvisoryVDB Entry
http://www.ocert.org/advisories/ocert-2015-008.htmlPatchThird Party Advisory
http://www.securityfocus.com/archive/1/535810/100/0/threaded
http://www.securityfocus.com/bid/75327Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1032690Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1234975Issue TrackingPatch
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.htmlThird Party Advisory
http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-ApplicatPatchThird Party AdvisoryVDB Entry
http://www.ocert.org/advisories/ocert-2015-008.htmlPatchThird Party Advisory
http://www.securityfocus.com/archive/1/535810/100/0/threaded
http://www.securityfocus.com/bid/75327Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1032690Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1234975Issue TrackingPatch

FAQ

What is CVE-2015-4680?

CVE-2015-4680 is a vulnerability with a CVSS score of 7.5 (HIGH). FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

How severe is CVE-2015-4680?

CVE-2015-4680 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4680?

Check the references section above for vendor advisories and patch information. Affected products include: Freeradius Freeradius, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit.