Published: 03/01/2012 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

etc/inc/certs.inc in the PKI implementation in pfSense prior to 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote malicious users to create sub-certificates for arbitrary subjects by leveraging the private key.