Lucene search

[email protected]NVD:CVE-2015-4171

HistoryJun 10, 2015 - 6:59 p.m.

CVE-2015-4171

2015-06-1018:59:09

CWE-200

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

7.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.

Affected configurations

NVD

Node

strongswanstrongswan_vpn_clientRange≤1.4.5android

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

debiandebian_linuxMatch8.0

Node

strongswanstrongswanMatch4.3.0

strongswanstrongswanMatch4.3.1

strongswanstrongswanMatch4.3.2

strongswanstrongswanMatch4.3.3

strongswanstrongswanMatch4.3.4

strongswanstrongswanMatch4.3.5

strongswanstrongswanMatch4.3.6

strongswanstrongswanMatch4.3.7

strongswanstrongswanMatch4.4.0

strongswanstrongswanMatch4.4.1

strongswanstrongswanMatch4.5.0

strongswanstrongswanMatch4.5.1

strongswanstrongswanMatch4.5.2

strongswanstrongswanMatch4.5.3

strongswanstrongswanMatch4.6.0

strongswanstrongswanMatch4.6.1

strongswanstrongswanMatch4.6.2

strongswanstrongswanMatch4.6.3

strongswanstrongswanMatch4.6.4

strongswanstrongswanMatch5.0.0

strongswanstrongswanMatch5.0.1

strongswanstrongswanMatch5.0.2

strongswanstrongswanMatch5.0.3

strongswanstrongswanMatch5.0.4

strongswanstrongswanMatch5.1.0

strongswanstrongswanMatch5.1.1

strongswanstrongswanMatch5.1.2

strongswanstrongswanMatch5.1.3

strongswanstrongswanMatch5.2.0

strongswanstrongswanMatch5.2.1

strongswanstrongswanMatch5.2.2

strongswanstrongswanMatch5.2.3

strongswanstrongswanMatch5.3.0

strongswanstrongswanMatch5.3.1

References

lists.opensuse.org/opensuse-updates/2015-06/msg00040.html

www.debian.org/security/2015/dsa-3282

www.openwall.com/lists/oss-security/2015/05/29/6

www.openwall.com/lists/oss-security/2015/05/29/7

www.openwall.com/lists/oss-security/2015/06/08/4

www.securityfocus.com/bid/74933

www.securitytracker.com/id/1032514

www.ubuntu.com/usn/USN-2628-1

bugzilla.suse.com/show_bug.cgi?id=933591

play.google.com/store/apps/details?id=org.strongswan.android

www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html

www.suse.com/security/cve/CVE-2015-4171.html

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

7.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON

Related for NVD:CVE-2015-4171

nessus11 openvas10 debian2 ibm4 securityvulns2 cvelist1 osv2 cve1 ubuntu1 prion1 freebsd1 ubuntucve1 debiancve1