CVE-2017-7537
Description
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.125
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2017:2335) Moderate: pki-core security update pki-base-10.4.1-11.el7.noarch.rpm | Linux |
| (RHSA-2017:2335) Moderate: pki-core security update pki-base-java-10.4.1-11.el7.noarch.rpm | Linux |
| (RHSA-2017:2335) Moderate: pki-core security update pki-ca-10.4.1-11.el7.noarch.rpm | Linux |
| (RHSA-2017:2335) Moderate: pki-core security update pki-javadoc-10.4.1-11.el7.noarch.rpm | Linux |
| (RHSA-2017:2335) Moderate: pki-core security update pki-kra-10.4.1-11.el7.noarch.rpm | Linux |
| (RHSA-2017:2335) Moderate: pki-core security update pki-server-10.4.1-11.el7.noarch.rpm | Linux |
| (RHSA-2017:2335) Moderate: pki-core security update pki-symkey-10.4.1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2335) Moderate: pki-core security update pki-tools-10.4.1-11.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234