Detections
Analytics

CVE-2013-0342

medium

Description

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.

References

https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5

https://exchange.xforce.ibmcloud.com/vulnerabilities/82134

https://bugzilla.redhat.com/show_bug.cgi?id=911685

http://www.securityfocus.com/bid/57984

http://www.openwall.com/lists/oss-security/2013/02/22/2

http://www.openwall.com/lists/oss-security/2013/02/21/27

http://www.openwall.com/lists/oss-security/2013/02/15/9

Details

Source: Mitre, NVD

Published: 2019-12-09

Updated: 2019-12-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.01681