PT-2012-6362 · Strongswan+1 · Strongswan+1

Publicado

1970-01-01

Atualizado

2024-06-15

CVE-2012-2388

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions strongSwan versions 4.2.0 through 4.6.3

Description The issue allows remote attackers to bypass authentication via an empty or zeroed RSA signature, potentially leading to a violation of confidentiality, integrity, and availability of protected information. This can be exploited remotely.

Recommendations For strongSwan versions 4.2.0 through 4.6.3, update to a version outside of this range to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

BDU:2015-05463

BDU:2015-05464

BDU:2015-05465

BDU:2015-05466

BDU:2015-05467

BDU:2015-05468

BDU:2015-05469

BDU:2015-05470

BDU:2015-05471

BDU:2015-05472

BDU:2015-05473

BDU:2015-05474

BDU:2015-05475

BDU:2015-05476

BDU:2015-05477

BDU:2015-05478

BDU:2015-05479

CVE-2012-2388

DSA-2483-1

OPENSUSE-SU-2012_0691-1

OPENSUSE-SU-2024:10579-1

SUSE-SU-2012_0686-1

Produtos afetados

Suse

Strongswan

PT-2012-6362 · Strongswan+1 · Strongswan+1

CVE-2012-2388

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 53