Vulnerability Details CVE-2004-0590
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.7%
CVSS Severity
CVSS v2 Score 10.0
References
- http://security.gentoo.org/glsa/glsa-200406-20.xml
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070
- http://www.openswan.org/support/vuln/can-2004-0590/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16515
- http://security.gentoo.org/glsa/glsa-200406-20.xml
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070
- http://www.openswan.org/support/vuln/can-2004-0590/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16515
Products affected by CVE-2004-0590
-
cpe:2.3:a:frees_wan:frees_wan:1
-
cpe:2.3:a:frees_wan:frees_wan:2
-
cpe:2.3:a:frees_wan:super_frees_wan:1
-
cpe:2.3:a:openswan:openswan:1
-
cpe:2.3:a:openswan:openswan:2
-
cpe:2.3:a:strongswan:strongswan:2.0.0
-
cpe:2.3:a:strongswan:strongswan:2.0.1
-
cpe:2.3:a:strongswan:strongswan:2.0.2
-
cpe:2.3:a:strongswan:strongswan:2.1.0
-
cpe:2.3:a:strongswan:strongswan:2.1.1
-
cpe:2.3:a:strongswan:strongswan:2.1.2