CVE-2014-2338
strongswan - security update
EPSS 0.28%
Description
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.
How to fix CVE-2014-2338
To remediate CVE-2014-2338, upgrade the affected package to one of the fixed versions listed below.
- Debian/strongswan: upgrade to 5.1.2-4 or later
- Debian/strongswan: upgrade to 4.4.1-5.5 or later
Is CVE-2014-2338 being exploited?
Low: EPSS is 0.3%, a low estimated probability of exploitation, and exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 5.1.2-4
- from 0, < 4.4.1-5.5