CVE-2022-4967

Ubuntu Security Notice USN-6772-1

Severity Score

7.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

Las versiones de strongSwan 5.9.2 a 5.9.5 se ven afectadas por la omisión de autorización debido a una validación incorrecta del certificado con una discrepancia en el host (CWE-297). Cuando se utilizan certificados para autenticar clientes en métodos EAP basados en TLS, no se exige que la identidad IKE o EAP proporcionada por un cliente esté contenida en el certificado del cliente. De modo que los clientes pueden autenticarse con cualquier certificado confiable y reclamar una identidad IKE/EAP arbitraria como propia. Esto es problemático si la identidad se utiliza para tomar decisiones políticas. Se publicó una solución en la versión 5.9.6 de strongSwan en agosto de 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls.

*Credits: Jan Schermer

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-04-19 CVE Reserved
2024-05-13 CVE Published
2025-02-13 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20240614-0006
https://www.cve.org/CVERecord?id=CVE-2022-4967	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136	2024-06-14

URL	Date	SRC
https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html	2024-06-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
StrongSwan Search vendor "StrongSwan"		StrongSwan Search vendor "StrongSwan" for product "StrongSwan"				>= 5.9.2 < 5.9.6 Search vendor "StrongSwan" for product "StrongSwan" and version " >= 5.9.2 < 5.9.6"		en		Affected