CVE-2010-3869

CWE-3106 documents6 sources

Severity

4.0MEDIUM

EPSS

0.2%

top 58.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Certificate System

Timeline

PublishedNov 17

Latest updateMay 17

Description

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/certificate_system7.3, 8+1

Patches

Patch: fedorahosted.org ↗Patch: fedorahosted.org ↗

🔴Vulnerability Details

GHSA

GHSA-5f9q-v927-crw8: Red Hat Certificate System (RHCS) 7↗2022-05-17

▶

CVEList

CVE-2010-3869: Red Hat Certificate System (RHCS) 7↗2010-11-17

▶

💥Exploits & PoCs

Exploit-DB

Sun Java - JRE AWT setDiffICM Buffer Overflow (Metasploit)↗2010-09-20

▶

📋Vendor Advisories

Red Hat

System: SCEP one-time PIN reuse↗2010-11-08

▶

💬Community

Bugzilla

CVE-2010-3869 Certificate System: SCEP one-time PIN reuse↗2010-11-02

▶