CVE-2022-4967

{"id": "CVE-2022-4967", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "published": "2024-05-14T11:57:00.550", "references": [{"url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136", "tags": ["Patch"], "source": "security@ubuntu.com"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0006/", "tags": ["Third Party Advisory"], "source": "security@ubuntu.com"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2022-4967", "tags": ["Third Party Advisory"], "source": "security@ubuntu.com"}, {"url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html", "tags": ["Mitigation", "Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0006/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2022-4967", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136)."}, {"lang": "es", "value": "Las versiones de strongSwan 5.9.2 a 5.9.5 se ven afectadas por la omisi\u00f3n de autorizaci\u00f3n debido a una validaci\u00f3n incorrecta del certificado con una discrepancia en el host (CWE-297). Cuando se utilizan certificados para autenticar clientes en m\u00e9todos EAP basados en TLS, no se exige que la identidad IKE o EAP proporcionada por un cliente est\u00e9 contenida en el certificado del cliente. De modo que los clientes pueden autenticarse con cualquier certificado confiable y reclamar una identidad IKE/EAP arbitraria como propia. Esto es problem\u00e1tico si la identidad se utiliza para tomar decisiones pol\u00edticas. Se public\u00f3 una soluci\u00f3n en la versi\u00f3n 5.9.6 de strongSwan en agosto de 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136)."}], "lastModified": "2025-08-22T15:04:16.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DE17337-2E3A-437B-8268-CE02E309BF95", "versionEndExcluding": "5.9.6", "versionStartIncluding": "5.9.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}