CVE-2015-4680

moderate-risk
Published 2017-04-05

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

Do I need to act?

-
0.38% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Suse Freeradius

References (14)

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html
Patch http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Applicat...
Patch http://www.ocert.org/advisories/ocert-2015-008.html
http://www.securityfocus.com/archive/1/535810/100/0/threaded
Third Party Advisory http://www.securityfocus.com/bid/75327
Third Party Advisory http://www.securitytracker.com/id/1032690
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1234975
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html
Patch http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Applicat...
Patch http://www.ocert.org/advisories/ocert-2015-008.html
http://www.securityfocus.com/archive/1/535810/100/0/threaded
Third Party Advisory http://www.securityfocus.com/bid/75327
Third Party Advisory http://www.securitytracker.com/id/1032690
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1234975
47
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate