CVE-2023-26463
CRITICALstrongSwan 5.9.8-5.9.9 - Remote Code Execution via EAP-TLS Client Certificate Handling
Title source: llmDescription
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.
References (3)
Core 3
Core References
Release Notes
https://github.com/strongswan/strongswan/releases
Mitigation, Vendor Advisory
https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230517-0010/
Scores
CVSS v3
9.8
EPSS
0.0226
EPSS Percentile
80.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-295
CWE-476
Status
published
Products (2)
strongswan/strongswan
5.9.8
strongswan/strongswan
5.9.9
Published
Apr 15, 2023
Tracked Since
Feb 18, 2026