CVE-2015-4680

CWE-295 — Improper Certificate Validation CWE-2998 documents7 sources

Severity

7.5HIGH

EPSS

0.4%

top 40.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freeradius Freeradius Suse Linux Enterprise Server Suse Linux Enterprise Software Development KIT

Timeline

PublishedApr 5

Latest updateMay 14

Description

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debianfreeradius< 2.2.8+dfsg-0.1+3

▶NVDfreeradius/freeradius17 versions+16

▶NVDsuse/linux_enterprise_server12

▶NVDsuse/linux_enterprise_software_development_kit12

Patches

Patch: packetstormsecurity.com ↗Patch: www.ocert.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-58q5-m5pm-jwpv: FreeRADIUS 2↗2022-05-14

▶

OSV

CVE-2015-4680: FreeRADIUS 2↗2017-04-05

▶

CVEList

CVE-2015-4680: FreeRADIUS 2↗2017-04-05

▶

📋Vendor Advisories

Red Hat

freeradius: insufficent CRL application↗2015-06-22

▶

Debian

CVE-2015-4680: freeradius - FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check rev...↗2015

▶

💬Community

Bugzilla

CVE-2015-4680 freeradius: insufficent CRL application↗2015-06-23

▶

Bugzilla

CVE-2015-4680 freeradius: insufficent CRL application [fedora-all]↗2015-06-23

▶