CVE-2019-11234

Description

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

Link	Tags
https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19	release notes vendor advisory
https://papers.mathyvanhoef.com/dragonblood.pdf	third party advisory technical description
https://www.kb.cert.org/vuls/id/871675/	us government resource not applicable third party advisory
https://freeradius.org/security/	vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1695783	issue tracking third party advisory
https://usn.ubuntu.com/3954-1/	third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html	vendor advisory
https://access.redhat.com/errata/RHSA-2019:1131	vendor advisory
https://access.redhat.com/errata/RHSA-2019:1142	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html	vendor advisory

What is the severity of CVE-2019-11234?: CVE-2019-11234 has been scored as a critical severity vulnerability.
How to fix CVE-2019-11234?: To fix CVE-2019-11234, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-11234 being actively exploited in the wild?: It is possible that CVE-2019-11234 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~18% probability that this vulnerability will be exploited by malicious actors in the next 30 days.