CVSS3: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.007 Low (Percentile: 80.7%)

Package : strongswan
Version : 4.5.2-1.5+deb7u10
CVE ID : CVE-2017-11185
Debian Bug : #872155
It was discovered that there was a denial-of-service vulnerability in
the strongSwan Virtual Private Network (VPN) software.
Specific RSA signatures passed to the gmp plugin for verification could
cause a null-pointer dereference. Potential triggers are signatures in
certificates, but also signatures used during IKE authentication.
For more details, please see:
<https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html>
For Debian 7 "Wheezy", this issue has been fixed in strongswan version
4.5.2-1.5+deb7u10.
We recommend that you upgrade your strongswan packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-