Lucene search

Veracode Vulnerability DatabaseVERACODE:41948

HistoryAug 02, 2023 - 10:05 a.m.

Predictable RADIUS ID's

2023-08-0210:05:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

pyrad

radius

vulnerability

software

unauthorized actions

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

pyrad is vulnerable to Predictable RADIUS ID’s. The vulnerability exists in CreateID function at packet.py due to creating serialized RADIUS packet IDs which allows an attacker to predict the ID of the next packet and perform unauthorized actions.

CPENameOperatorVersion
pyradle2.0
pyradle2.0

CPE	Name	Operator	Version
	pyrad	le	2.0
	pyrad	le	2.0

References

bugzilla.redhat.com/show_bug.cgi?id=911685

exchange.xforce.ibmcloud.com/vulnerabilities/82134

github.com/advisories/GHSA-w4px-9pgm-p2f3

github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5

security-tracker.debian.org/tracker/CVE-2013-0342

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for VERACODE:41948