CVE-2016-9575 — MEDIUM (6.3)

Vulnerability Description

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.

CVSS Score

6.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Freeipa	Freeipa	4.2.0

Related Weaknesses (CWE)

CWE-285 CWE-863

References

http://rhn.redhat.com/errata/RHSA-2017-0001.htmlThird Party Advisory
http://www.securityfocus.com/bid/95068Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1395311Issue TrackingThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0001.htmlThird Party Advisory
http://www.securityfocus.com/bid/95068Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1395311Issue TrackingThird Party Advisory

FAQ

What is CVE-2016-9575?

CVE-2016-9575 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unp...

How severe is CVE-2016-9575?

CVE-2016-9575 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-9575?

Check the references section above for vendor advisories and patch information. Affected products include: Freeipa Freeipa.