6.4 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.1%
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka “RSA signature verification vulnerability.”
lists.opensuse.org/opensuse-security-announce/2012-06/msg00002.html
osvdb.org/82587
secunia.com/advisories/49315
secunia.com/advisories/49336
secunia.com/advisories/49370
secunia.com/advisories/55051
www.debian.org/security/2012/dsa-2483
www.securityfocus.com/bid/53752
www.securitytracker.com/id?1027110
www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html
exchange.xforce.ibmcloud.com/vulnerabilities/76013
More