CVE-2022-4967

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136	Patch
https://security.netapp.com/advisory/ntap-20240614-0006/	Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2022-4967	Third Party Advisory
https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html	Mitigation Vendor Advisory
https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136	Patch
https://security.netapp.com/advisory/ntap-20240614-0006/	Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2022-4967	Third Party Advisory
https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-05-14 11:57

Updated : 2025-11-06 22:25

NVD link : CVE-2022-4967

Mitre link : CVE-2022-4967

CVE.ORG link : CVE-2022-4967

JSON object : View

Products Affected

strongswan

strongswan

CWE

NVD-CWE-Other

{"id": "CVE-2022-4967", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-05-14T11:57:00.550", "references": [{"url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0006/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2022-4967", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html", "tags": ["Mitigation", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0006/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2022-4967", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136)."}, {"lang": "es", "value": "Las versiones de strongSwan 5.9.2 a 5.9.5 se ven afectadas por la omisi\u00f3n de autorizaci\u00f3n debido a una validaci\u00f3n incorrecta del certificado con una discrepancia en el host (CWE-297). Cuando se utilizan certificados para autenticar clientes en m\u00e9todos EAP basados en TLS, no se exige que la identidad IKE o EAP proporcionada por un cliente est\u00e9 contenida en el certificado del cliente. De modo que los clientes pueden autenticarse con cualquier certificado confiable y reclamar una identidad IKE/EAP arbitraria como propia. Esto es problem\u00e1tico si la identidad se utiliza para tomar decisiones pol\u00edticas. Se public\u00f3 una soluci\u00f3n en la versi\u00f3n 5.9.6 de strongSwan en agosto de 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136)."}], "lastModified": "2025-11-06T22:25:21.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DE17337-2E3A-437B-8268-CE02E309BF95", "versionEndExcluding": "5.9.6", "versionStartIncluding": "5.9.2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}