// For flags

CVE-2021-20179

pki-core: Unprivileged users can renew any certificate

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

Se encontró un fallo en pki-core. Un atacante que haya comprometido con éxito una clave podría usar este fallo para renovar el certificado correspondiente una y otra vez, siempre que no se revoque explícitamente. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-12-17 CVE Reserved
  • 2021-03-15 CVE Published
  • 2023-11-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-863: Incorrect Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dogtagpki
Search vendor "Dogtagpki"
 Dogtagpki
Search vendor "Dogtagpki" for product "Dogtagpki"
 < 10.5.0
Search vendor "Dogtagpki" for product "Dogtagpki" and version " < 10.5.0"
-
Affected
Dogtagpki
Search vendor "Dogtagpki"
 Dogtagpki
Search vendor "Dogtagpki" for product "Dogtagpki"
 >= 10.5.1 < 10.8.0
Search vendor "Dogtagpki" for product "Dogtagpki" and version " >= 10.5.1 < 10.8.0"
-
Affected
Dogtagpki
Search vendor "Dogtagpki"
 Dogtagpki
Search vendor "Dogtagpki" for product "Dogtagpki"
 >= 10.8.1 < 10.9.0
Search vendor "Dogtagpki" for product "Dogtagpki" and version " >= 10.8.1 < 10.9.0"
-
Affected
Dogtagpki
Search vendor "Dogtagpki"
 Dogtagpki
Search vendor "Dogtagpki" for product "Dogtagpki"
 >= 10.9.1 < 10.10.0
Search vendor "Dogtagpki" for product "Dogtagpki" and version " >= 10.9.1 < 10.10.0"
-
Affected
Dogtagpki
Search vendor "Dogtagpki"
 Dogtagpki
Search vendor "Dogtagpki" for product "Dogtagpki"
 >= 10.10.1 < 10.11.0
Search vendor "Dogtagpki" for product "Dogtagpki" and version " >= 10.10.1 < 10.11.0"
-
Affected
Redhat
Search vendor "Redhat"
 Certificate System
Search vendor "Redhat" for product "Certificate System"
 10.0
Search vendor "Redhat" for product "Certificate System" and version "10.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 32
Search vendor "Fedoraproject" for product "Fedora" and version "32"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected