CVE-2017-7537 in pki-core Packageinfo

Summary

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsible

Red Hat, Inc.

Reservation

04/05/2017

Disclosure

07/26/2018

Moderation

VulDB entry created

Entries

1: VDB-122208

CPE

ready

CWE

CWE-798 (Confirmed)

CVSS

6.9

EPSS

0.00125

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-7537
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-7537
CVE Details	https://www.cvedetails.com/cve/CVE-2017-7537/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!