CVE Vulnerabilities

CVE-2015-4680

Improper Certificate Validation

Published: Apr 05, 2017 | Modified: Oct 09, 2018
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Freeradius Freeradius 3.0.5 3.0.5
Freeradius Freeradius 3.0.8 3.0.8
Freeradius Freeradius 3.0.1 3.0.1
Freeradius Freeradius 3.0.3 3.0.3
Freeradius Freeradius 3.0.6 3.0.6
Freeradius Freeradius 3.0.0 3.0.0
Freeradius Freeradius 3.0.4 3.0.4
Freeradius Freeradius 3.0.2 3.0.2
Freeradius Freeradius 3.0.7 3.0.7

Potential Mitigations

References