Vulnerability Details : CVE-2017-9148
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
Vulnerability category: BypassGain privilege
Products affected by CVE-2017-9148
- cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9148
1.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9148
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-9148
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9148
-
http://www.securityfocus.com/bid/98734
FreeRADIUS TLS CVE-2017-9148 Authentication Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2017:1581
RHSA-2017:1581 - Security Advisory - Red Hat Customer Portal
-
https://security.gentoo.org/glsa/201706-27
FreeRADIUS: Security bypass (GLSA 201706-27) — Gentoo security
-
http://freeradius.org/security.html
ReleasesNot Applicable
-
http://www.securitytracker.com/id/1038576
FreeRADIUS Resumed TLS Session Cache Flaw Lets Remote Users Bypass Authentication on the Target System - SecurityTracker
-
http://seclists.org/oss-sec/2017/q2/422
oss-sec: CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass (erratum)Mailing List;VDB Entry
Jump to