Lucene search

K

MitreCVELIST:CVE-2015-4171

HistoryJun 10, 2015 - 6:00 p.m.

CVE-2015-4171

2015-06-1018:00:00

mitre

www.cve.org

1

AI Score

7.6

Confidence

High

EPSS

0.005

Percentile

76.3%

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.

References

lists.opensuse.org/opensuse-updates/2015-06/msg00040.html

www.debian.org/security/2015/dsa-3282

www.openwall.com/lists/oss-security/2015/05/29/6

www.openwall.com/lists/oss-security/2015/05/29/7

www.openwall.com/lists/oss-security/2015/06/08/4

www.securityfocus.com/bid/74933

www.securitytracker.com/id/1032514

www.ubuntu.com/usn/USN-2628-1

bugzilla.suse.com/show_bug.cgi?id=933591

play.google.com/store/apps/details?id=org.strongswan.android

www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html

www.suse.com/security/cve/CVE-2015-4171.html

AI Score

7.6

Confidence

High

EPSS

0.005

Percentile

76.3%

Related for CVELIST:CVE-2015-4171

cve1 nessus11 ibm4 prion1 openvas10 ubuntu1 debian2 securityvulns2 nvd1 osv2 freebsd1 ubuntucve1 debiancve1