CVE-2022-4967 - Vulnerability Details - OpenCVE

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Strongswan	Strongswan

No data.

No data.

References

Link	Providers
https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136
https://security.netapp.com/advisory/ntap-20240614-0006/
https://www.cve.org/CVERecord?id=CVE-2022-4967
https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2024-05-13T12:09:19.104Z

Updated: 2025-02-13T16:38:39.882Z

Reserved: 2024-04-19T18:02:23.578Z

Link: CVE-2022-4967

Vulnrichment

Updated: 2024-08-03T01:55:46.125Z

NVD

Status : Awaiting Analysis

Published: 2024-05-14T11:57:00.550

Modified: 2024-11-21T07:36:20.957

Link: CVE-2022-4967

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2022-4967", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2024-04-19T18:02:23.578Z", "datePublished": "2024-05-13T12:09:19.104Z", "dateUpdated": "2025-02-13T16:38:39.882Z"}, "containers": {"cna": {"affected": [{"packageName": "strongswan", "platforms": ["Linux"], "product": "strongSwan", "repo": "https://github.com/strongswan/strongswan", "vendor": "strongSwan", "versions": [{"lessThan": "5.9.6", "status": "affected", "version": "5.9.2", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Jan Schermer"}], "descriptions": [{"lang": "en", "value": "strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-297"}]}], "references": [{"tags": ["patch"], "url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136"}, {"tags": ["vendor-advisory"], "url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html"}, {"tags": ["issue-tracking"], "url": "https://www.cve.org/CVERecord?id=CVE-2022-4967"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0006/"}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-06-14T13:06:08.293Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-4967", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T13:10:42.421746Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:16:33.158Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:55:46.125Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://www.cve.org/CVERecord?id=CVE-2022-4967"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0006/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136", "tags": ["patch", "x_transferred"]}, {"url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2022-4967", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0006/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:55:46.125Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-4967", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T13:10:42.421746Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.528Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "type": "reporter", "value": "Jan Schermer"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/strongswan/strongswan", "vendor": "strongSwan", "product": "strongSwan", "versions": [{"status": "affected", "version": "5.9.2", "lessThan": "5.9.6", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "strongswan"}], "references": [{"url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136", "tags": ["patch"]}, {"url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html", "tags": ["vendor-advisory"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2022-4967", "tags": ["issue-tracking"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0006/"}], "descriptions": [{"lang": "en", "value": "strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136)."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-297"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-05-13T12:30:21.852Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4967", "state": "PUBLISHED", "dateUpdated": "2024-08-03T01:55:46.125Z", "dateReserved": "2024-04-19T18:02:23.578Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2024-05-13T12:09:19.104Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136)."}, {"lang": "es", "value": "Las versiones de strongSwan 5.9.2 a 5.9.5 se ven afectadas por la omisi\u00f3n de autorizaci\u00f3n debido a una validaci\u00f3n incorrecta del certificado con una discrepancia en el host (CWE-297). Cuando se utilizan certificados para autenticar clientes en m\u00e9todos EAP basados en TLS, no se exige que la identidad IKE o EAP proporcionada por un cliente est\u00e9 contenida en el certificado del cliente. De modo que los clientes pueden autenticarse con cualquier certificado confiable y reclamar una identidad IKE/EAP arbitraria como propia. Esto es problem\u00e1tico si la identidad se utiliza para tomar decisiones pol\u00edticas. Se public\u00f3 una soluci\u00f3n en la versi\u00f3n 5.9.6 de strongSwan en agosto de 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136)."}], "id": "CVE-2022-4967", "lastModified": "2024-11-21T07:36:20.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2024-05-14T11:57:00.550", "references": [{"source": "security@ubuntu.com", "url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136"}, {"source": "security@ubuntu.com", "url": "https://security.netapp.com/advisory/ntap-20240614-0006/"}, {"source": "security@ubuntu.com", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4967"}, {"source": "security@ubuntu.com", "url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240614-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4967"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Awaiting Analysis"}