Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2023-26463

Published: 15/04/2023 Updated: 17/05/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Strongswan

Vulnerability Summary

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

strongswan strongswan 5.9.9

strongswan strongswan 5.9.8

References

CWE-476CWE-295https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.htmlhttps://github.com/strongswan/strongswan/releaseshttps://security.netapp.com/advisory/ntap-20230517-0010/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook