CVE-2014-2338 — Improper Authentication in Strongswan

CWE-287 — Improper Authentication7 documents5 sources

Severity

6.4MEDIUMNVD

EPSS

0.3%

top 45.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Debian Strongswan

Timeline

PublishedApr 16

Latest updateMay 17

Description

IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/strongswan< strongswan 5.1.2-4 (bookworm)

▶Debianstrongswan/strongswan< 5.1.2-4+3

▶NVDstrongswan/strongswan57 versions+56

🔴Vulnerability Details

GHSA

GHSA-69p7-xxq6-hxwh: IKEv2 in strongSwan 4↗2022-05-17

▶

OSV

CVE-2014-2338: IKEv2 in strongSwan 4↗2014-04-16

▶

📋Vendor Advisories

Debian

CVE-2014-2338: strongswan - IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authent...↗2014

▶

💬Community

Bugzilla

CVE-2014-2338 strongswan: authentication bypass flaw in IKEv2 [epel-6]↗2014-04-15

▶

Bugzilla

CVE-2014-2338 strongswan: authentication bypass flaw in IKEv2 [fedora-all]↗2014-04-15

▶

Bugzilla

CVE-2014-2338 strongswan: authentication bypass flaw in IKEv2↗2014-03-27

▶