How severe is CVE-2022-4967?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2022-4967?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2022-4967 - HIGH Severity | CVSS 7.7

Vulnerability Description

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

Related Vulnerabilities

CVE-2016-0362

HIGH

CVSS:7.7(High)

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger net...

NVD-CWE-Other2016

CVE-2016-1996

HIGH

CVSS:7.7(High)

HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

NVD-CWE-Other2016

CVE-2016-3440

HIGH

CVSS:7.7(High)

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

NVD-CWE-Other2016

CVE-2016-3481

HIGH

CVSS:7.7(High)

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web.

NVD-CWE-Other2016

CVE-2016-3503

HIGH

CVSS:7.7(High)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.

NVD-CWE-Other2016

CVE-2016-3511

HIGH

CVSS:7.7(High)

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.

NVD-CWE-Other2016