CVE-2022-4967

2024-05-1411:57:00

Google

osv.dev

strongswan

authorization bypass

cve-2022-4967

tls-based eap

security vulnerability

certificate validation

software bug

fix

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client’s certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

CPENameOperatorVersion
strongswaneq5.3.4dr2
strongswaneq5.8.1dr1
strongswaneq4.1.6
strongswaneq5.2.2
strongswaneq5.6.0dr1
strongswaneq4.3.3
strongswaneq5.0.3dr2
strongswaneq5.1.3rc1
strongswaneq5.1.1dr3
strongswaneq4.2.12

Name	Operator	Version
strongswan	eq	5.3.4dr2
strongswan	eq	5.8.1dr1
strongswan	eq	4.1.6
strongswan	eq	5.2.2
strongswan	eq	5.6.0dr1
strongswan	eq	4.3.3
strongswan	eq	5.0.3dr2
strongswan	eq	5.1.3rc1
strongswan	eq	5.1.1dr3
strongswan	eq	4.2.12