9.8
CVE-2017-9148
- EPSS 1.21%
- Veröffentlicht 29.05.2017 17:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Freeradius ≫ Freeradius Version2.1.1
Freeradius ≫ Freeradius Version2.1.2
Freeradius ≫ Freeradius Version2.1.3
Freeradius ≫ Freeradius Version2.1.4
Freeradius ≫ Freeradius Version2.1.6
Freeradius ≫ Freeradius Version2.1.7
Freeradius ≫ Freeradius Version3.0.0
Freeradius ≫ Freeradius Version3.0.1
Freeradius ≫ Freeradius Version3.0.2
Freeradius ≫ Freeradius Version3.0.3
Freeradius ≫ Freeradius Version3.0.4
Freeradius ≫ Freeradius Version3.0.5
Freeradius ≫ Freeradius Version3.0.6
Freeradius ≫ Freeradius Version3.0.7
Freeradius ≫ Freeradius Version3.0.8
Freeradius ≫ Freeradius Version3.0.9
Freeradius ≫ Freeradius Version3.1.0
Freeradius ≫ Freeradius Version3.1.1
Freeradius ≫ Freeradius Version3.1.2
Freeradius ≫ Freeradius Version3.1.3
Freeradius ≫ Freeradius Version4.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.21% | 0.771 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.