CVE-2004-0590
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.
FreeS/WAN 1.x y 2.x, y otros productos relacionados, incluyendo superfreeswan 1.x, openswan 1.x anteriores a 1.0.6, openswan 2.x anteriores a 2.1.4 y strongSwan anteriores a 2.1.3 permite a atacantes remotos autenticarse usando certificados PKCS#7 falsificados en los que un certificado auto-firmado identifica a una Autoridad Certificadora (CA) y a un usuario y asunto suplantados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-06-23 CVE Reserved
- 2004-06-29 CVE Published
- 2023-06-07 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16515 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200406-20.xml | 2017-07-11 | |
| http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070 | 2017-07-11 | |
| http://www.openswan.org/support/vuln/can-2004-0590 | 2017-07-11 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Frees Wan Search vendor "Frees Wan" | Frees Wan Search vendor "Frees Wan" for product "Frees Wan" | 1 Search vendor "Frees Wan" for product "Frees Wan" and version "1" | - |
Affected
| ||||||
| Frees Wan Search vendor "Frees Wan" | Frees Wan Search vendor "Frees Wan" for product "Frees Wan" | 2 Search vendor "Frees Wan" for product "Frees Wan" and version "2" | - |
Affected
| ||||||
| Frees Wan Search vendor "Frees Wan" | Super Frees Wan Search vendor "Frees Wan" for product "Super Frees Wan" | 1 Search vendor "Frees Wan" for product "Super Frees Wan" and version "1" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 1 Search vendor "Openswan" for product "Openswan" and version "1" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 2 Search vendor "Openswan" for product "Openswan" and version "2" | - |
Affected
| ||||||
| Strongswan Search vendor "Strongswan" | Strongswan Search vendor "Strongswan" for product "Strongswan" | <= 2.1.2 Search vendor "Strongswan" for product "Strongswan" and version " <= 2.1.2" | - |
Affected
| ||||||