Critical severity9.8NVD Advisory· Published May 29, 2017· Updated Jun 17, 2026
CVE-2017-9148
CVE-2017-9148
Description
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
29cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:4.0.0:*:*:*:*:*:*:*
- osv-coords8 versionspkg:rpm/opensuse/freeradius-server&distro=openSUSE%20Tumbleweedpkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
< 3.0.23-1.5+ 7 more
- (no CPE)range: < 3.0.23-1.5
- (no CPE)range: < 2.1.1-7.24.1
- (no CPE)range: < 3.0.3-17.4.1
- (no CPE)range: < 3.0.3-17.4.1
- (no CPE)range: < 2.1.1-7.24.1
- (no CPE)range: < 3.0.3-17.4.1
- (no CPE)range: < 2.1.1-7.24.1
- (no CPE)range: < 3.0.3-17.4.1
Patches
Vulnerability mechanics
References
6- www.securityfocus.com/bid/98734nvdThird Party AdvisoryVDB Entry
- freeradius.org/security.htmlnvdNot Applicable
- seclists.org/oss-sec/2017/q2/422nvdMailing ListVDB Entry
- www.securitytracker.com/id/1038576nvd
- access.redhat.com/errata/RHSA-2017:1581nvd
- security.gentoo.org/glsa/201706-27nvd
News mentions
0No linked articles in our index yet.