CVE-2015-4171
strongswan - security update
EPSS 1.0%
Description
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
How to fix CVE-2015-4171
To remediate CVE-2015-4171, upgrade the affected package to a fixed version below.
- Debian/strongswan—upgrade to 5.3.1-1 or later
- Debian/strongswan—upgrade to 4.4.1-5.7 or later
- —upgrade to 4.5.2-1.5+deb7u7 or later
Is CVE-2015-4171 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 5.3.1-1
- from 0, < 4.4.1-5.7
- from 0, < 4.5.2-1.5+deb7u7