6.4

CVE-2012-4523

EPSS 0.19%
Published 20.11.2012 00:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Uninett ≫ Radsecproxy Version <= 1.6

Uninett ≫ Radsecproxy Version1.0

Uninett ≫ Radsecproxy Version1.0 Updatealpha

Uninett ≫ Radsecproxy Version1.0 Updatealpha-p1

Uninett ≫ Radsecproxy Version1.0 Updatep1

Uninett ≫ Radsecproxy Version1.1

Uninett ≫ Radsecproxy Version1.1 Updatealpha

Uninett ≫ Radsecproxy Version1.1 Updatebeta

Uninett ≫ Radsecproxy Version1.2

Uninett ≫ Radsecproxy Version1.3 Updatealpha

Uninett ≫ Radsecproxy Version1.3 Updatebeta

Uninett ≫ Radsecproxy Version1.3.1

Uninett ≫ Radsecproxy Version1.4

Uninett ≫ Radsecproxy Version1.4.1

Uninett ≫ Radsecproxy Version1.4.2

Uninett ≫ Radsecproxy Version1.4.3

Uninett ≫ Radsecproxy Version1.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.371

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://secunia.com/advisories/51251

Vendor Advisory

http://www.debian.org/security/2012/dsa-2573

http://www.openwall.com/lists/oss-security/2012/10/17/7

http://www.openwall.com/lists/oss-security/2012/10/31/6

http://www.securityfocus.com/bid/56105

https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html

https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html

https://project.nordu.net/browse/RADSECPROXY-43

https://nvd.nist.gov/vuln/detail/CVE-2012-4523

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-4523

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-4523

EUVD