Libreswan IKEv1 Processing Vulnerability in Project Software
CVE-2019-10155

3.1 LOW

Key Information:

CVE Published: 12 June 2019

What is CVE-2019-10155?

The Libreswan Project has identified a vulnerability in the processing of IKEv1 informational exchange packets. These packets are encrypted and integrity-protected using the established IKE SA keys, but in affected versions prior to 3.29 the receiver did not validate the integrity check value. A malicious actor could potentially exploit this oversight to compromise the integrity of the communication. Users running older versions should upgrade immediately to ensure their systems are protected against this vulnerability.
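
The missing check, sketched as an added example (not Libreswan's code and not from the original page): per RFC 2409, the hash payload of an IKEv1 informational exchange is prf(SKEYID_a, M-ID | N/D). The model below assumes HMAC-SHA1 as the prf, leaves out the encryption layer, and uses hypothetical function names with a constructed key and payload.

```python
import hashlib
import hmac
import struct

def info_hash(skeyid_a: bytes, msg_id: int, body: bytes) -> bytes:
    """HASH(1) = prf(SKEYID_a, M-ID | N/D); HMAC-SHA1 is the assumed prf."""
    return hmac.new(skeyid_a, struct.pack("!I", msg_id) + body,
                    hashlib.sha1).digest()

def build_informational(skeyid_a: bytes, msg_id: int, body: bytes) -> dict:
    """Sender side: attach the hash payload to the notify/delete body."""
    return {"msg_id": msg_id,
            "hash": info_hash(skeyid_a, msg_id, body),
            "body": body}

def accept_unchecked(skeyid_a: bytes, msg: dict) -> bool:
    """Models the flaw: the hash payload is parsed (length looks right)
    but its value is never compared with a locally computed one."""
    return len(msg["hash"]) == hashlib.sha1().digest_size

def accept_checked(skeyid_a: bytes, msg: dict) -> bool:
    """Corrected receiver: recompute the hash, compare in constant time."""
    expected = info_hash(skeyid_a, msg["msg_id"], msg["body"])
    return hmac.compare_digest(expected, msg["hash"])

# Constructed sample data (not real key material or captured traffic).
KEY = bytes(range(20))
GOOD = build_informational(KEY, 0x1A2B3C4D, b"DELETE spi=0x00001000")
# Same message with the body altered in transit; hash payload left as sent.
TAMPERED = dict(GOOD, body=b"DELETE spi=0x00002000")

def compare_receivers() -> dict:
    """Return each receiver's accept/reject decision for both messages."""
    return {
        "unchecked": (accept_unchecked(KEY, GOOD),
                      accept_unchecked(KEY, TAMPERED)),
        "checked": (accept_checked(KEY, GOOD),
                    accept_checked(KEY, TAMPERED)),
    }

if __name__ == "__main__":
    print(compare_receivers())
```
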

Affected Version(s)

libreswan 3.29

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

CVSS V3.0

Score: 3.1
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
