54 matches found
Exploit for Improper Authentication in Checkpoint Gaia_Os
markdown CVE-2026-50751 - Check Point IKEv1 Authentication Byp...
Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
Overview On June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. The vulnerability affects deployments configured to use the deprecated IKEv1...
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 CVSS score: 9.3, is a case of a logic flow weakne...
CVE-2026-50752
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...
CLSA-2025-1757947429 libreswan: Fix of CVE-2023-38711
CVE-2023-38711: fix a NULL pointer dereference in IKEv1 Quick Mode with IDIPV4ADDR/IDIPV6ADDR that causes a crash and restart of the pluto daemon when it receives an IDcr payload with IDFQDN...
MiracleLinux 8 : libreswan-4.12-2.el8_10.4 (AXSA:2024-8551:06)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8551:06 advisory. libreswan: IKEv1 default AH/ESP responder can crash and restart CVE-2024-3652 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : libreswan-3.29-7.el8 (AXSA:2020-374:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-374:02 advisory. libreswan: DoS attack via malicious IKEv1 informational exchange message CVE-2020-1763 Tenable has extracted the preceding description block directly from the...
CVE-2025-36118 IBM Storage Virtualize Information Disclosure
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...
EUVD-2006-0725
Malware in sbrugna...
TRENDnet TEW-WLC100P 安全漏洞
The TRENDnet TEW-WLC100P is a wireless LAN controller from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEW-WLC100P version 2.03b03 that stems from enabling IKEv1 aggressive mode, which could lead to an offline attack...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the...
libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart
A NULL pointer dereference vulnerability was found in the Libreswan package. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart
A NULL pointer dereference vulnerability was found in the Libreswan package. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
libreswan: Invalid IKEv1 Quick Mode ID causes restart
A NULL pointer dereference flaw was found in Libreswan when processing IKEv1 Quick Mode requests. When an IKEv1 Quick Mode connection configured with IDIPV4ADDR or IDIPV6ADDR receives an IDcr payload with IDFQDN, it triggers a NULL pointer dereference error. This flaw allows a malicious client or...
Medium: libreswan
Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...