Vulnerability Details CVE-2012-4741
The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://sourceforge.net/mailarchive/message.php?msg_id=29126135
- http://www.packetfence.org/bugs/view.php?id=1390
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78868
- http://sourceforge.net/mailarchive/message.php?msg_id=29126135
- http://www.packetfence.org/bugs/view.php?id=1390
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78868
Products affected by CVE-2012-4741
-
cpe:2.3:a:packetfence:packetfence:1.8.5
-
cpe:2.3:a:packetfence:packetfence:1.9.0
-
cpe:2.3:a:packetfence:packetfence:1.9.1
-
cpe:2.3:a:packetfence:packetfence:2.0.0
-
cpe:2.3:a:packetfence:packetfence:2.0.1
-
cpe:2.3:a:packetfence:packetfence:2.1.0
-
cpe:2.3:a:packetfence:packetfence:2.2.0
-
cpe:2.3:a:packetfence:packetfence:2.2.1
-
cpe:2.3:a:packetfence:packetfence:3.0.0
-
cpe:2.3:a:packetfence:packetfence:3.0.1
-
cpe:2.3:a:packetfence:packetfence:3.2.0