
CVE-2022-3500

2022-11-22 19:15:17
CWE-248
redhat
web.nvd.nist.gov
keylime
vulnerability
rogue agent
attestation
nvd
cve-2022-3500

CVSS3: 5.1

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 4.8
Confidence: High

EPSS: 0.001
Percentile: 35.3%

A vulnerability was found in keylime. In some circumstances, due to improperly handled exceptions, a rogue agent could create errors on the verifier that stop attestation attempts for that host, leaving the host in an attested state even though it is no longer being verified.

Affected configurations

Node: keylime keylime, Range <6.5.1
Node: redhat enterprise_linux, Match 9.0
Node: fedoraproject fedora, Match 35 OR Match 36 OR Match 37

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| keylime | keylime | * | cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| fedoraproject | fedora | 35 | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
| fedoraproject | fedora | 36 | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
| fedoraproject | fedora | 37 | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "keylime",
    "versions": [
      {
        "version": "keylime 6.5.2",
        "status": "affected"
      }
    ]
  }
]
