Vulnerability Description
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Frees Wan | Frees Wan | 1 |
| Frees Wan | Super Frees Wan | 1 |
| Openswan | Openswan | 1 |
| Strongswan | Strongswan | <= 2.1.2 |
References
- http://security.gentoo.org/glsa/glsa-200406-20.xmlPatchVendor Advisory
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070PatchVendor Advisory
- http://www.openswan.org/support/vuln/can-2004-0590/PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16515
- http://security.gentoo.org/glsa/glsa-200406-20.xmlPatchVendor Advisory
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070PatchVendor Advisory
- http://www.openswan.org/support/vuln/can-2004-0590/PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16515
FAQ
What is CVE-2004-0590?
CVE-2004-0590 is a vulnerability with a CVSS score of 10.0 (HIGH). FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticat...
How severe is CVE-2004-0590?
CVE-2004-0590 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0590?
Check the references section above for vendor advisories and patch information. Affected products include: Frees Wan Frees Wan, Frees Wan Super Frees Wan, Openswan Openswan, Strongswan Strongswan.