CVE-2017-2590

HIGH

Freeipa < 4.4.0 - Incorrect Permission Assignment


Description

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

References (3)

Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/96557
Third Party Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2017-0388.html
Issue Tracking, Patch (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590

Scores

CVSS v3 8.1
EPSS 0.0018
EPSS Percentile 38.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-275 CWE-732
Status published
Products (10)
freeipa/freeipa < 4.4.0
redhat/enterprise_linux 7.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.3
redhat/enterprise_linux_server_aus 7.4
redhat/enterprise_linux_server_eus 7.3
redhat/enterprise_linux_server_eus 7.4
redhat/enterprise_linux_server_eus 7.5
redhat/enterprise_linux_workstation 7.0
Published Jul 27, 2018
Tracked Since Feb 18, 2026