CVE-2022-4967: Improper Authorization in strongSwan

8 documents, 6 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.0% (top 85.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 14

Description

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make poli

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

debian | debian/strongswan | < strongswan 5.9.6-1 (bookworm)
NVD | strongswan/strongswan | 5.9.2 | 5.9.6
Debian | strongswan/strongswan | < 5.9.6-1 | +2

🔴 Vulnerability Details (2)

GHSA | GHSA-2hrc-c28p-9f59: strongSwan versions 5 | 2024-05-14
OSV | CVE-2022-4967: strongSwan versions 5 | 2024-05-14

📋 Vendor Advisories (2)

Ubuntu | strongSwan vulnerability | 2024-05-14
Debian | CVE-2022-4967: strongswan - strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass thr... | 2022

🕵️ Threat Intelligence (3)

Wiz | CVE-2025-62291 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz | CVE-2025-9615 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz | CVE-2026-25075 Impact, Exploitability, and Mitigation Steps | Wiz