CVE-2014-2338

strongSwan <5.1.3 - Auth Bypass

Title source: llm

Description

IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.

References (7)

Scores

EPSS 0.0032
EPSS Percentile 54.3%

Classification

CWE
CWE-287
Status draft

Affected Products (50)

strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
strongswan/strongswan
... and 35 more

Timeline

Published Apr 16, 2014
Tracked Since Feb 18, 2026