Vulnerability identifier: #VU15722

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16151

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
strongSwan
Server applications / Encryption software

Vendor: strongswan.org

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in RSA implementation based on GMP (verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c) within the gmp plugin that does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. A remote attacker can forge signatures when small public exponents are being used and impersonate the victim.

Successful exploitation of the vulnerability may allow an attacker to take full control over victim's session but requires that only an RSA signature is used for IKEv2 authentication.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

strongSwan: 4.0.0 - 5.6.3

---

External links
http://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152)... 

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.