Ubuntu.comUB:CVE-2022-4967CVE-2022-4967
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.5 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization
bypass through improper validation of certificate with host mismatch
(CWE-297). When certificates are used to authenticate clients in TLS-based
EAP methods, the IKE or EAP identity supplied by a client is not enforced
to be contained in the client’s certificate. So clients can authenticate
with any trusted certificate and claim an arbitrary IKE/EAP identity as
their own. This is problematic if the identity is used to make policy
decisions. A fix was released in strongSwan version 5.9.6 in August 2022
(e4b4aabc4996fc61c37deab7858d07bc4d220136).
Notes
| Author | Note |
|---|---|
| eslerm | remediator is Tobias Brunner |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.04 | noarch | strongswan | < 5.9.5-2ubuntu2.3 | UNKNOWN |
Related
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.5 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%