Published: 31/01/2022 Updated: 07/11/2023

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

In strongSwan prior to 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

Vulnerable Product	Search on Vulmon	Subscribe to Product
strongswan strongswan
debian debian linux 9.0
debian debian linux 10.0
debian debian linux 11.0
fedoraproject fedora 34
fedoraproject extra packages for enterprise linux 8.0
fedoraproject fedora 35
fedoraproject extra packages for enterprise linux 9.0
fedoraproject extra packages for enterprise linux 7.0
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 20.04
canonical ubuntu linux 16.04
canonical ubuntu linux 21.10

Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack When using EAP authentication (RFC 3748), the successful completion of the authentication is indicated by an EA ...

CWE-476 https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-%28cve-2021-45079%29.html https://www.debian.org/security/2022/dsa-5056 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-45079

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect