CVE-2004-0590

2004-12-0605:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.018

Percentile

88.1%

JSON

FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.

Affected configurations

Nvd

Node

frees_wanfrees_wanMatch1

frees_wanfrees_wanMatch2

frees_wansuper_frees_wanMatch1

openswanopenswanMatch1

openswanopenswanMatch2

strongswanstrongswanRange≤2.1.2

VendorProductVersionCPE
frees_wanfrees_wan1cpe:2.3:a:frees_wan:frees_wan:1:*:*:*:*:*:*:*
frees_wanfrees_wan2cpe:2.3:a:frees_wan:frees_wan:2:*:*:*:*:*:*:*
frees_wansuper_frees_wan1cpe:2.3:a:frees_wan:super_frees_wan:1:*:*:*:*:*:*:*
openswanopenswan1cpe:2.3:a:openswan:openswan:1:*:*:*:*:*:*:*
openswanopenswan2cpe:2.3:a:openswan:openswan:2:*:*:*:*:*:*:*
strongswanstrongswan*cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
frees_wan	frees_wan	1	cpe:2.3:a:frees_wan:frees_wan:1:::::::*
frees_wan	frees_wan	2	cpe:2.3:a:frees_wan:frees_wan:2:::::::*
frees_wan	super_frees_wan	1	cpe:2.3:a:frees_wan:super_frees_wan:1:::::::*
openswan	openswan	1	cpe:2.3:a:openswan:openswan:1:::::::*
openswan	openswan	2	cpe:2.3:a:openswan:openswan:2:::::::*
strongswan	strongswan	*	cpe:2.3:a:strongswan:strongswan::::::::