← Back

CVE-2015-4171

nvd nist
Published: Jun 10, 2015Modified: May 6, 2026

JSON object

Loading...
2.6
Vector
AV:N/AC:H/Au:N/C:P/I:N/A:N
Exploitability: 4.9 / Impact: 2.9
Source: NVD

Description

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.

Affected (39)

Strongswan
2 products
Strongswan Vpn Client
Strongswan
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Strongswan Vpn Client
Up to 1.4.5
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 14.10
Ubuntu Linux
Version 15.04
Debian Linux
Version 8.0
Configuration C
34 vulnerable
Vulnerable SoftwareAffected Versions
Strongswan
Strongswan
Version 4.3.0
Strongswan
Version 4.3.1
Strongswan
Version 4.3.2
Strongswan
Version 4.3.3
Strongswan
Version 4.3.4
Strongswan
Version 4.3.5
Strongswan
Version 4.3.6
Strongswan
Version 4.3.7
Strongswan
Version 4.4.0
Strongswan
Version 4.4.1
Strongswan
Version 4.5.0
Strongswan
Version 4.5.1
Strongswan
Version 4.5.2
Strongswan
Version 4.5.3
Strongswan
Version 4.6.0
Strongswan
Version 4.6.1
Strongswan
Version 4.6.2
Strongswan
Version 4.6.3
Strongswan
Version 4.6.4
Strongswan
Version 5.0.0
Strongswan
Version 5.0.1
Strongswan
Version 5.0.2
Strongswan
Version 5.0.3
Strongswan
Version 5.0.4
Strongswan
Version 5.1.0
Strongswan
Version 5.1.1
Strongswan
Version 5.1.2
Strongswan
Version 5.1.3
Strongswan
Version 5.2.0
Strongswan
Version 5.2.1
Strongswan
Version 5.2.2
Strongswan
Version 5.2.3
Strongswan
Version 5.3.0
Strongswan
Version 5.3.1

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (24)

Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.