PT-2012-6362 · Strongswan+1 · Strongswan+1

Published

1970-01-01

Updated

2024-06-15

CVE-2012-2388

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions strongSwan versions 4.2.0 through 4.6.3

Description The issue allows remote attackers to bypass authentication via an empty or zeroed RSA signature, potentially leading to a violation of confidentiality, integrity, and availability of protected information. This can be exploited remotely.

Recommendations For strongSwan versions 4.2.0 through 4.6.3, update to a version outside of this range to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2015-05463

BDU:2015-05464

BDU:2015-05465

BDU:2015-05466

BDU:2015-05467

BDU:2015-05468

BDU:2015-05469

BDU:2015-05470

BDU:2015-05471

BDU:2015-05472

BDU:2015-05473

BDU:2015-05474

BDU:2015-05475

BDU:2015-05476

BDU:2015-05477

BDU:2015-05478

BDU:2015-05479

CVE-2012-2388

DSA-2483-1

OPENSUSE-SU-2012_0691-1

OPENSUSE-SU-2024:10579-1

SUSE-SU-2012_0686-1

Affected Products

Suse

Strongswan

PT-2012-6362 · Strongswan+1 · Strongswan+1

CVE-2012-2388

Weakness Enumeration

Related Identifiers

Affected Products

References · 53