7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.8%
Issue Overview:
An initial fix in Amazon Linux ca-certificates package relating to CVE-2022-23491 did not properly remove root certificates from TrustCor from the root store. (CVE-2023-32803)
Affected Packages:
ca-certificates
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update ca-certificates to update your system.
New Packages:
noarch:
ca-certificates-2021.2.50-72.amzn2.0.7.noarch
src:
ca-certificates-2021.2.50-72.amzn2.0.7.src
Red Hat: CVE-2023-32803
Mitre: CVE-2023-32803
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | noarch | ca-certificates | < 2021.2.50-72.amzn2.0.7 | ca-certificates-2021.2.50-72.amzn2.0.7.noarch.rpm |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.8%