Vulnerability CVE-2021-20179

Vulnerability Name:

CVE-2021-20179 (CCN-198271)

Assigned:

2020-12-17

Published:

2021-03-12

Updated:

2021-03-24

Summary:

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

CVSS v3 Severity:

8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

8.1 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
7.1 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-863
CWE-863

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-20179

Source: CCN
Type: Red Hat Bugzilla - Bug 1914379
(CVE-2021-20179) - CVE-2021-20179 pki-core: Unprivileged users can renew any certificate

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1914379

Source: XF
Type: UNKNOWN
dogtag-cve202120179-sec-bypass(198271)

Source: CCN
Type: pki GIT Repository
CVE-2021-20179: Fix renewal profile approval process - v10.11 #3474

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/dogtagpki/pki/pull/3474

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/dogtagpki/pki/pull/3475

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/dogtagpki/pki/pull/3476

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/dogtagpki/pki/pull/3477

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/dogtagpki/pki/pull/3478

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-6c412a4601

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-344dd24c84

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-c0d6637ca5

Vulnerable Configuration:

Configuration 1:

cpe:/a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:* (Version < 10.5.0)

OR cpe:/a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:* (Version >= 10.5.1 and < 10.8.0)

OR cpe:/a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:* (Version >= 10.8.1 and < 10.9.0)

OR cpe:/a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:* (Version >= 10.9.1 and < 10.10.0)

OR cpe:/a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:* (Version >= 10.10.1 and < 10.11.0)

Configuration 2:

cpe:/a:redhat:certificate_system:10.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.redhat.rhsa:def:20210966	P	RHSA-2021:0966: pki-core:10.6 security update (Important)	2021-03-23
oval:com.redhat.rhsa:def:20210851	P	RHSA-2021:0851: pki-core security and bug fix update (Important)	2021-03-16

BACK