CVE-2012-5484

CWE-3107 documents6 sources

Severity

7.9HIGH

EPSS

0.5%

top 35.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Freeipa

Timeline

PublishedJan 27

Latest updateMay 17

Description

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages2 packages

▶PyPIfreeipa< 91f4af7e6af53e1c6bf17ed36cb2161863eddae4+4

▶NVDredhat/freeipa11 versions+10

🔴Vulnerability Details

GHSA

GHSA-6rr4-9qrg-g6j5: The client in FreeIPA 2↗2022-05-17

▶

OSV

CVE-2012-5484: The client in FreeIPA 2↗2013-01-27

▶

CVEList

CVE-2012-5484: The client in FreeIPA 2↗2013-01-27

▶

📋Vendor Advisories

Red Hat

ipa: weakness when initiating join from IPA client can potentially compromise IPA domain↗2013-01-23

▶

💬Community

Bugzilla

CVE-2012-5484 ipa: weakness when initiating join from IPA client can potentially compromise IPA domain [fedora-all]↗2013-01-23

▶

Bugzilla

CVE-2012-5484 ipa: weakness when initiating join from IPA client can potentially compromise IPA domain↗2012-11-13

▶