Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2014-2338
Last Modified: 31 May 2014 12:32:40
Published: 16 Apr 2014 02:37:14
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-2338

Summary

IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.

Vulnerable Systems

Application

  • Strongswan 4.0.7

  • Strongswan 4.1.0

  • Strongswan 4.1.1

  • Strongswan 4.1.10

  • Strongswan 4.1.11

  • Strongswan 4.1.2

  • Strongswan 4.1.3

  • Strongswan 4.1.4

  • Strongswan 4.1.5

  • Strongswan 4.1.6

  • Strongswan 4.1.7

  • Strongswan 4.1.8

  • Strongswan 4.1.9

  • Strongswan 4.2.0

  • Strongswan 4.2.1

  • Strongswan 4.2.10

  • Strongswan 4.2.11

  • Strongswan 4.2.12

  • Strongswan 4.2.13

  • Strongswan 4.2.14

  • Strongswan 4.2.15

  • Strongswan 4.2.16

  • Strongswan 4.2.2

  • Strongswan 4.2.3

  • Strongswan 4.2.4

  • Strongswan 4.2.5

  • Strongswan 4.2.6

  • Strongswan 4.2.7

  • Strongswan 4.2.8

  • Strongswan 4.2.9

  • Strongswan 4.3.0

  • Strongswan 4.3.1

  • Strongswan 4.3.2

  • Strongswan 4.3.3

  • Strongswan 4.3.4

  • Strongswan 4.3.5

  • Strongswan 4.3.6

  • Strongswan 4.3.7

  • Strongswan 4.4.0

  • Strongswan 4.4.1

  • Strongswan 4.5.0

  • Strongswan 4.5.1

  • Strongswan 4.5.2

  • Strongswan 4.5.3

  • Strongswan 4.6.0

  • Strongswan 4.6.1

  • Strongswan 4.6.2

  • Strongswan 4.6.3

  • Strongswan 4.6.4

  • Strongswan 5.0.0

  • Strongswan 5.0.1

  • Strongswan 5.0.2

  • Strongswan 5.0.3

  • Strongswan 5.0.4

  • Strongswan 5.1.0

  • Strongswan 5.1.1

  • Strongswan 5.1.2


References

CONFIRM - http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html

DEBIAN - DSA-2903

SECUNIA - 57823

SUSE - SUSE-SU-2014:0529

SUSE - openSUSE-SU-2014:0700

SUSE - openSUSE-SU-2014:0697


Last Updated: 27 May 2016 11:04:58