Improper Authentication in strongSwan - CVE-2018-16152
Published: November 6, 2018
Vulnerability identifier: #VU15729
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-16152
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: strongswan.org
Affected software:
strongSwan
strongSwan
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the RSA implementation based on GMP within the verify_emsa_pkcs1_signature() function in gmp_rsa_public_key.c in the gmp plugin. The GMP plugin does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. A remote attacker can forge signatures when small public exponents are being used and impersonate the victim.
Successful exploitation of the vulnerability may allow an attacker to take full control over victim's session but requires that only an RSA signature is used for IKEv2 authentication.
How to mitigate CVE-2018-16152
Install updates from vendor's website.