| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.1 | $0-$5k | 0.00 |
Summary
A vulnerability was found in strongSwan. It has been rated as problematic. This impacts an unknown function of the component IKEv2 Handler. The manipulation leads to data processing. This vulnerability is referenced as CVE-2014-9221. No exploit is available. Upgrading the affected component is advised.
Details
A vulnerability was found in strongSwan (Network Encryption Software) and classified as problematic. This issue affects an unknown function of the component IKEv2 Handler. The manipulation with an unknown input leads to a data processing vulnerability. Using CWE to declare the problem leads to CWE-19. Impacted is availability. The summary by CVE is:
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
The weakness was published 01/05/2015 by Mike Daskalakis as strongSwan Denial-of-Service Vulnerability (CVE-2014-9221) as confirmed advisory (Website). It is possible to read the advisory at strongswan.org. The identification of this vulnerability is CVE-2014-9221 since 12/02/2014. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available. The advisory points out:
The bug can be triggered by an IKEv2 Key Exchange (KE) payload that contains the Diffie-Hellman (DH) group 1025. This identifier is from the private-use range and only used internally by libtls for DH groups with custom generator and prime (MODP_CUSTOM). As such the instantiated DH implementation expects that these two values are passed to the constructor. This is not the case when a DH object is created based on the group in the KE payload. Therefore, an invalid pointer is dereferenced later, which causes a segmentation fault. This means that the IKE daemon can be crashed with a single IKE_SA_INIT message containing such a KE payload.
The vulnerability scanner Nessus provides a plugin with the ID 83680 (SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:0281-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 123921 (Fedora Security Update for strongswan (FEDORA-2015-5279)). The advisory illustrates:
Remote code execution is not possible due to this issue, nor is IKEv1 affected in charon or pluto.
Upgrading to version 5.2.2 eliminates this vulnerability.
The vulnerability is also documented in the databases at Tenable (83680), SecurityFocus (BID 71894†), Secunia (SA62071†), SecurityTracker (ID 1031489†) and Vulnerability Center (SBV-48003†). Similar entry is available at VDB-106201. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Data processingCWE: CWE-19
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 83680
Nessus Name: SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:0281-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 703118
OpenVAS Name: Debian Security Advisory DSA 3118-1 (strongswan - security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: strongSwan 5.2.2
Timeline
12/02/2014 🔍01/05/2015 🔍
01/05/2015 🔍
01/05/2015 🔍
01/06/2015 🔍
01/06/2015 🔍
01/06/2015 🔍
01/07/2015 🔍
01/12/2015 🔍
05/20/2015 🔍
03/01/2022 🔍
Sources
Advisory: strongSwan Denial-of-Service Vulnerability (CVE-2014-9221)Researcher: Mike Daskalakis
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-9221 (🔍)
GCVE (CVE): GCVE-0-2014-9221
GCVE (VulDB): GCVE-100-68495
OVAL: 🔍
SecurityFocus: 71894 - Strongswan IKEv2 Payloads CVE-2014-9221 Remote Denial Of Service Vulnerability
Secunia: 62071 - Debian update for strongswan, Less Critical
SecurityTracker: 1031489 - strongSwan IKEv2 Processing Flaw Lets Remote Users Deny Service
Vulnerability Center: 48003 - StrongSwan Before 5.2.1 Remote DoS via a Crafted IKEv2 Key Exchange, High
See also: 🔍
Entry
Created: 01/06/2015 12:35Updated: 03/01/2022 20:34
Changes: 01/06/2015 12:35 (77), 06/17/2017 07:49 (11), 03/01/2022 20:34 (3)
Complete: 🔍
Cache ID: 216:F23:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.