Lucene search

[email protected]CVE-2011-4197

HistoryJan 03, 2012 - 7:55 p.m.

CVE-2011-4197

2012-01-0319:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-4197

x.509 certificates

pfsense

remote attackers

sub-certificates

security vulnerability

nvd

7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.4%

JSON

etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.

CPENameOperatorVersion
pfsense:pfsensepfsensele2.0
pfsense:pfsensepfsenseeq1.2.1
pfsense:pfsensepfsenseeq1.0.x
pfsense:pfsensepfsenseeq1.2.2
pfsense:pfsensepfsenseeq1.2.3

CPE	Name	Operator	Version
pfsense:pfsense	pfsense	le	2.0
pfsense:pfsense	pfsense	eq	1.2.1
pfsense:pfsense	pfsense	eq	1.0.x
pfsense:pfsense	pfsense	eq	1.2.2
pfsense:pfsense	pfsense	eq	1.2.3

References

archives.neohapsis.com/archives/bugtraq/2011-12/0152.html

secunia.com/advisories/46780

www.osvdb.org/77982

www.securityfocus.com/bid/51169

exchange.xforce.ibmcloud.com/vulnerabilities/71969

github.com/bsdperimeter/pfsense/commit/1379d66f11aaf72982a70287b83e24efcd18898e

github.com/bsdperimeter/pfsense/commit/87b4deb2b2dae9013e6aa0fe490d6a5a04a27894

www.trustmatta.com/advisories/MATTA-2011-001.txt

7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVE-2011-4197

securityvulns2 prion1