CVE-2017-2590

moderate-risk

Published 2018-07-27

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (10)

Freeipa

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

Affected Vendors

Redhat Freeipa

References (6)

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0388.html

Third Party Advisory http://www.securityfocus.com/bid/96557

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0388.html

Third Party Advisory http://www.securityfocus.com/bid/96557

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 1/34 · Minimal

Exposure 16/34 · Moderate