CVE-2013-2944 — Improper Authentication in Strongswan

CWE-287 — Improper Authentication6 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 45.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Debian Strongswan

Timeline

PublishedMay 2

Latest updateMay 14

Description

strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/strongswan< strongswan 4.6.4-7 (bookworm)

▶Debianstrongswan/strongswan< 4.6.4-7+3

▶NVDstrongswan/strongswan17 versions+16

Patches

Patch: download.strongswan.org ↗Patch: download.strongswan.org ↗

🔴Vulnerability Details

GHSA

GHSA-m484-f74p-8pvx: strongSwan 4↗2022-05-14

▶

OSV

CVE-2013-2944: strongSwan 4↗2013-05-02

▶

📋Vendor Advisories

Debian

CVE-2013-2944: strongswan - strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signatur...↗2013

▶

💬Community

Bugzilla

CVE-2013-2944 strongswan: ECDSA signature flaw [fedora-all]↗2013-04-30

▶

Bugzilla

CVE-2013-2944 strongswan: ECDSA signature flaw↗2013-04-30

▶