Vulnerability Details CVE-2013-2944
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.2%
CVSS Severity
CVSS v2 Score 4.9
References
- http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch
- http://lists.opensuse.org/opensuse-updates/2013-05/msg00014.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00010.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00121.html
- http://www.debian.org/security/2013/dsa-2665
- http://www.securityfocus.com/bid/59580
- http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html
- http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch
- http://lists.opensuse.org/opensuse-updates/2013-05/msg00014.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00010.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00121.html
- http://www.debian.org/security/2013/dsa-2665
- http://www.securityfocus.com/bid/59580
- http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html
Products affected by CVE-2013-2944
-
cpe:2.3:a:strongswan:strongswan:4.3.5
-
cpe:2.3:a:strongswan:strongswan:4.3.6
-
cpe:2.3:a:strongswan:strongswan:4.3.7
-
cpe:2.3:a:strongswan:strongswan:4.4.0
-
cpe:2.3:a:strongswan:strongswan:4.4.1
-
cpe:2.3:a:strongswan:strongswan:4.5.0
-
cpe:2.3:a:strongswan:strongswan:4.5.1
-
cpe:2.3:a:strongswan:strongswan:4.5.2
-
cpe:2.3:a:strongswan:strongswan:4.5.3
-
cpe:2.3:a:strongswan:strongswan:4.6.0
-
cpe:2.3:a:strongswan:strongswan:4.6.1
-
cpe:2.3:a:strongswan:strongswan:4.6.2
-
cpe:2.3:a:strongswan:strongswan:4.6.3
-
cpe:2.3:a:strongswan:strongswan:4.6.4
-
cpe:2.3:a:strongswan:strongswan:5.0.0
-
cpe:2.3:a:strongswan:strongswan:5.0.1
-
cpe:2.3:a:strongswan:strongswan:5.0.2