{"containers": {"cna": {"affected": [{"product": "libreswan", "vendor": "the libreswan Project", "versions": [{"status": "affected", "version": "3.29"}]}], "descriptions": [{"lang": "en", "value": "The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "description": "CWE-354", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-11-06T00:07:32", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://libreswan.org/security/CVE-2019-10155/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"}, {"name": "FEDORA-2019-f7fb531958", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"}, {"name": "FEDORA-2019-1bd9cfb718", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"}, {"name": "RHSA-2019:3391", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3391"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-10155", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libreswan", "version": {"version_data": [{"version_value": "3.29"}]}}]}, "vendor_name": "the libreswan Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29."}]}, "impact": {"cvss": [[{"vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-354"}]}]}, "references": {"reference_data": [{"name": "https://libreswan.org/security/CVE-2019-10155/", "refsource": "MISC", "url": "https://libreswan.org/security/CVE-2019-10155/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"}, {"name": "FEDORA-2019-f7fb531958", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"}, {"name": "FEDORA-2019-1bd9cfb718", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"}, {"name": "RHSA-2019:3391", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3391"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:10:09.974Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://libreswan.org/security/CVE-2019-10155/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"}, {"name": "FEDORA-2019-f7fb531958", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"}, {"name": "FEDORA-2019-1bd9cfb718", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"}, {"name": "RHSA-2019:3391", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3391"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-10155", "datePublished": "2019-06-12T13:51:01", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2024-08-04T22:10:09.974Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "03762F60-C5B0-4D4C-95E1-9D6BDA7A2C0B", "versionEndExcluding": "3.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "489C88AB-FD16-4BBD-9915-906B88F9A9E5", "versionEndExcluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xelerance:openswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "06958DB5-E8C3-4446-B3CF-D1D7B58B4CE9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en el proyecto The Libreswan en el procesador de IKEv1 Los paquetes de intercambio informativo IKEv1 que est\u00e1n cifrados y protegidos por integridad utilizando las claves de integridad y cifrado IKE SA establecidas, pero como receptor, el valor de verificaci\u00f3n de integridad no se verific\u00f3. Este problema afecta a las versiones anteriores a 3.29."}], "id": "CVE-2019-10155", "lastModified": "2023-11-07T03:02:25.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-12T14:29:02.917", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3391"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://libreswan.org/security/CVE-2019-10155/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-354"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank team (Libreswan Project) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2019:3391", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreswan-0:3.29-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}], "bugzilla": {"description": "libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check", "id": "1714141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1714141"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-354", "details": ["The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.", "A vulnerability was found in the Libreswan Project. It was discovered that libreswan, strongswan, and openswan did not verify the integrity check value for received IKEv1 Informational Exchange packets."], "mitigation": {"lang": "en:us", "value": "If all IKE peers support IKEv2, it is possible to reconfigure IKEv1 connections to use IKEv2 via the \"ikev2=insist\" keyword."}, "name": "CVE-2019-10155", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "openswan", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "openswan", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2019-06-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10155\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10155\nhttps://libreswan.org/security/CVE-2019-10155/"], "threat_severity": "Low", "upstream_fix": "libreswan 3.29"}