CVE-2004-0590: Strongswan vulnerability

2 documents, 2 sources
Severity: 10.0 CRITICAL (NVD)
EPSS: 0.6% (top 31.11%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Dec 6
Latest update: Apr 29

Description

FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allow remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 4 packages

Patches

Vulnerability Details (1)

GHSA
GHSA-5qp2-wwm4-h7fm: FreeS/WAN 1 (2022-04-29)