Vulnerability Details : CVE-2010-3869
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.
Exploit prediction scoring system (EPSS) score for CVE-2010-3869
Probability of exploitation activity in the next 30 days: 0.18%
Percentile, the proportion of vulnerabilities that are scored at or less: ~54%
CVSS scores for CVE-2010-3869
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST |
CWE ids for CVE-2010-3869
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3869
- https://bugzilla.redhat.com/show_bug.cgi?id=648883
  648883 – (CVE-2010-3869) CVE-2010-3869 Certificate System: SCEP one-time PIN reuse
- https://fedorahosted.org/pki/changeset/1246
  Overview - dogtagpki - Pagure.io (Patch)
- https://rhn.redhat.com/errata/RHSA-2010-0838.html
  RHSA-2010:0838 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://securitytracker.com/id?1024697
  Red Hat Certificate System Bugs Let Remote Users Obtain One-Time PINs and Generate Certificates - SecurityTracker
- https://rhn.redhat.com/errata/RHSA-2010-0837.html
  Red Hat Customer Portal (Vendor Advisory)
Products affected by CVE-2010-3869
- cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:dogtag_certificate_system:*:*:*:*:*:*:*:*