CVE-2012-5484

Description

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

Category

7.9
CVSS
Severity: High
CVSS 2.0 •
EPSS 0.53%
Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory freeipa.org
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa
http://www.freeipa.org/page/CVE-2012-5484 vendor advisory
http://www.freeipa.org/page/Releases/3.1.2
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f
http://rhn.redhat.com/errata/RHSA-2013-0188.html vendor advisory
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc
http://rhn.redhat.com/errata/RHSA-2013-0189.html vendor advisory

Frequently Asked Questions

What is the severity of CVE-2012-5484?
CVE-2012-5484 has been scored as a high severity vulnerability.
How to fix CVE-2012-5484?
To fix CVE-2012-5484, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2012-5484 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2012-5484 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.