Lucene search
K

938 matches found

NCSC
NCSC
added yesterday14 views

Vulnerabilities found in Juniper Networks’ Junos OS and Junos OS Evolved

Juniper has identified several vulnerabilities in Junos OS and Junos OS Evolved, specifically related to devices in the MX Series, PTX Series, QFX Series, EX Series, SRX Series, and QFX10000 Series. These vulnerabilities affect various components of Junos OS and Junos OS Evolved, including the...

9.8CVSS7.1AI score0.02497EPSS
Exploits0References22
NVD
NVD
added 5 days ago7 views

CVE-2026-57024

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon iked of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On an MX with SPC3 and SRX devices configured for VPN service,...

6.9CVSS0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-57024 Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon iked of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On an MX with SPC3 and SRX devices configured for VPN service,...

6.9CVSS0.00417EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 12:31 a.m.9 views

EUVD-2026-41440

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.3AI score0.00392EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 12:31 a.m.8 views

EUVD-2026-41441

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS6.3AI score0.00392EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 12:31 a.m.7 views

EUVD-2026-41439

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 10:16 p.m.6 views

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS0.00392EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 9:44 p.m.8 views

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS6.3AI score0.00392EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 9:44 p.m.22 views

CVE-2026-50721

CVE-2026-50721 concerns Libreswan where the function RSA_authenticate_hash_signature_raw_rsa() does not properly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS#1 RSA Encryption per RFC 2313. This enables a remote attacker to leverage a Bleichen...

8.1CVSS6.3AI score0.00392EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/02 9:19 p.m.21 views

CVE-2026-12413

The CVE-2026-12413 issue affects Libreswan’s pluto daemon and is triggered by an invalidly formatted IKEv2 fragment. The root cause is an off-by-one error in the assertion within reassemble_v2_incoming_fragments(), which can cause the daemon to abort when handling certain outer payloads that are ...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55315

Name of the Vulnerable Software and Affected Versions Libreswan affected versions not specified Description Libreswan fails to correctly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS 1 RSA Encryption. This occurs within the RSA authenticate ha...

8.1CVSS6.5AI score0.00392EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.69 views

📄 Check Point VPN IKE Logic Flaw

This is a Python script attempting to exploit a vulnerability in Check Point VPN by sending a malformed IKESAINIT packet to UDP port 500, detecting whether the target responds as an indicator of exploitability, then executing a MITM attack to intercept IKE packets between a victim and a VPN...

9.3CVSS5.7AI score0.70099EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/06/10 2:16 p.m.72 views

Exploit for Improper Authentication in Checkpoint Gaia_Os

markdown CVE-2026-50751 - Check Point IKEv1 Authentication Byp...

9.3CVSS5.9AI score0.70099EPSS
Exploits5
Rapid7 Blog
Rapid7 Blog
added 2026/06/08 5:5 p.m.14 views

Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)

Overview On June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. The vulnerability affects deployments configured to use the deprecated IKEv1...

9.3CVSS6.2AI score0.70099EPSS
Exploits5
The Hacker News
The Hacker News
added 2026/06/08 2:17 p.m.24 views

Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 CVSS score: 9.3, is a case of a logic flow weakne...

9.3CVSS5.8AI score0.70099EPSS
Exploits5
NVD
NVD
added 2026/06/08 12:16 p.m.18 views

CVE-2026-50752

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS0.04859EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 12:56 p.m.11 views

EUVD-2026-31818

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...

8.1CVSS5.8AI score0.02658EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 12:56 p.m.45 views

CVE-2026-48131 VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...

8.1CVSS0.02658EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 12:56 p.m.14 views

CVE-2026-48131 VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...

8.1CVSS5.8AI score0.02658EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in StrongSwan

StrongSwan before version 5.9.12 has a buffer overflow vulnerability, and there is a possibility of unauthenticated remote code execution through a DH public key value that exceeds the internal buffer of charon-tkm’s DH proxy. The earliest affected version is 5.3.0. An attack can occur through a...

9.8CVSS9AI score0.02309EPSS
Exploits0References2
Rows per page
Query Builder