Bird_banner_small4
strongSwan gmp Plugin Denial of Service
TSL ID TSL20170829-05
CVE ID(s) CVE-2017-11185
Severity High
Description

A denial-of-service vulnerability has been reported in strongSwan. The vulnerability is due to insufficient validation of RSA signature values before their use within the gmp plugin.

A remote attacker could exploit this vulnerability by sending a crafted message to the target server. Successful exploitation of this vulnerability could result in denial-of-service conditions on the target server.

The vendor, strongSwan, has released the following advisory regarding this vulnerability:

https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html

Affected Products
  • strongSwan strongSwan prior to 5.6.0
CVSS Score Base 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is NONE
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 5.8 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Identifiers
BID
References https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html
Related Threats