CVE-2012-2388
strongswan - authentication bypass
EPSS 0.69%
Description
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
How to fix CVE-2012-2388
To remediate CVE-2012-2388, upgrade the affected package to one of the fixed versions listed below.
- Debian/strongswan: upgrade to 4.5.2-1.4 or later
- Debian/strongswan: upgrade to 4.4.1-5.2 or later
Is CVE-2012-2388 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.5.2-1.4
- from 0, < 4.4.1-5.2