CVE-2022-4967

Description

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

CVSS v3.1 Score

7.7

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
strongswan	strongswan	5.9.2 — 5.9.6

References

Advisories & Patches

https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136 https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136 https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html

Other References

https://security.netapp.com/advisory/ntap-20240614-0006/ https://www.cve.org/CVERecord?id=CVE-2022-4967 https://security.netapp.com/advisory/ntap-20240614-0006/ https://www.cve.org/CVERecord?id=CVE-2022-4967

Frequently Asked Questions

What is CVE-2022-4967? +

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136). It has a CVSS v3.1 base score of 7.7 (HIGH).

How severe is CVE-2022-4967? +

CVE-2022-4967 has a CVSS v3.1 score of 7.7 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2022-4967? +

CVE-2022-4967 affects products from strongswan, specifically: strongswan. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2022-4967? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.