{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-05-29T00:00:00", "descriptions": [{"lang": "en", "value": "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://freeradius.org/security.html"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/oss-sec/2017/q2/422"}, {"name": "RHSA-2017:1581", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1581"}, {"name": "1038576", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038576"}, {"name": "98734", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98734"}, {"name": "GLSA-201706-27", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201706-27"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9148", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://freeradius.org/security.html", "refsource": "MISC", "url": "http://freeradius.org/security.html"}, {"name": "http://seclists.org/oss-sec/2017/q2/422", "refsource": "MISC", "url": "http://seclists.org/oss-sec/2017/q2/422"}, {"name": "RHSA-2017:1581", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1581"}, {"name": "1038576", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038576"}, {"name": "98734", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98734"}, {"name": "GLSA-201706-27", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-27"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:55:22.379Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://freeradius.org/security.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/oss-sec/2017/q2/422"}, {"name": "RHSA-2017:1581", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1581"}, {"name": "1038576", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038576"}, {"name": "98734", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98734"}, {"name": "GLSA-201706-27", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201706-27"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9148", "datePublished": "2017-05-29T17:00:00", "dateReserved": "2017-05-22T00:00:00", "dateUpdated": "2024-08-05T16:55:22.379Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAEB64-0676-4C18-8255-DACDA612188E", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "17F7A434-49DC-4005-9161-F2B49559621F", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D494932F-F639-44BE-B15C-7F07A67B0502", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D2D45784-C53B-4A11-B1B3-BC68B514002D", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "E969979B-2852-453D-AF48-A462448D4C62", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "388D7673-6BA7-4113-86E1-00F9A60C8796", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B5B5D50-C251-4569-9D2C-49FB64702646", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A693BD6B-BCFF-461B-B71D-4E6F7A614979", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E1D867F-7147-4C97-927B-C10404CC2985", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4C30EB50-6BCD-44E4-906A-618ACCF627DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8C129A8-59C9-4780-8454-4EB112DF0B40", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "13C228DD-0EB3-4348-8D7A-D17A59E92013", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2400422C-8E52-4946-BE83-AA7167F0F703", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E1841E98-2B17-4DFC-B03F-4E4537D8A6A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "78140938-FD3B-442E-B906-7705CDFF853D", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "354381FC-52F3-4377-8DE0-75FC0D2D7FD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D829A428-71E8-4EB4-A8D7-BD5B673AA51F", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "8F800631-5190-410F-B11D-02CF956D5B93", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AA8D994-16CB-44F0-95FE-7AFECB56C949", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS."}, {"lang": "es", "value": "La cach\u00e9 de una sesi\u00f3n TLS en FreeRADIUS versiones 2.1.1 hasta 2.1.7, versiones 3.0.x anteriores a 3.0.14, versiones 3.1.x antes de 04-02-2017, y versiones 4.0.x antes de 04-02-2017, no puede impedir de manera fiable la reanudaci\u00f3n de una sesi\u00f3n no autenticada, que permite a los atacantes remotos (como requirentes maliciosos 802.1X) para omitir la autenticaci\u00f3n por medio de PEAP o TTLS."}], "id": "CVE-2017-9148", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-29T17:29:00.200", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://freeradius.org/security.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "VDB Entry"], "url": "http://seclists.org/oss-sec/2017/q2/422"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98734"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038576"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:1581"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201706-27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://freeradius.org/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "VDB Entry"], "url": "http://seclists.org/oss-sec/2017/q2/422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98734"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038576"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201706-27"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:1581", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "freeradius-0:3.0.4-8.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-06-28T00:00:00Z"}], "bugzilla": {"description": "freeradius: TLS resumption authentication bypass", "id": "1456697", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1456697"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-287", "details": ["The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.", "An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session."], "mitigation": {"lang": "en:us", "value": "Disable TLS session caching in FreeRADIUS by setting \"enable = no\" in the cache subsection of EAP module settings, which are in /etc/raddb/mods-available/eap file."}, "name": "CVE-2017-9148", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "freeradius", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "freeradius2", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "freeradius", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2017-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-9148\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9148"], "threat_severity": "Important"}