Strongswan » Strongswan » 4.2.0 : Security Vulnerabilities, CVEs, CVSS score >= 9
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
Max CVSS
9.1
EPSS Score
0.17%
Published
2022-01-31
Updated
2022-07-12
1 vulnerabilities found