Vulnerability CVE-2021-41991

Vulnerability Name:

CVE-2021-41991 (CCN-211509)

Assigned:

2021-10-18

Published:

2021-10-18

Updated:

2022-04-12

Summary:

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-190

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-41991

Source: CONFIRM
Type: Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf

Source: XF
Type: UNKNOWN
strongswan-cve202141991-integer-overflow(211509)

Source: MISC
Type: Third Party Advisory
https://github.com/strongswan/strongswan/releases/tag/5.9.4

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20211019 [SECURITY] [DLA 2788-1] strongswan security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-0b37146973

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-b3df83339e

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-95fab6a482

Source: DEBIAN
Type: Third Party Advisory
DSA-4989

Source: CCN
Type: strongSwan Web site
strongSwan Vulnerability (CVE-2021-41991)

Source: CONFIRM
Type: Exploit, Vendor Advisory
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html

Vulnerable Configuration:

Configuration 1:

cpe:/a:strongswan:strongswan:*:*:*:*:*:*:*:* (Version >= 4.2.10 and < 5.9.4)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:siemens:sinema_remote_connect_server:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:siemens:simatic_cp_1243-1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*

Configuration 7:

cpe:/o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*

Configuration 8:

cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*

Configuration 9:

cpe:/o:siemens:scalance_sc632-2c_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*

Configuration 10:

cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*

Configuration 11:

cpe:/o:siemens:cp_1543-1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:cp_1543-1:-:*:*:*:*:*:*:*

Configuration 12:

cpe:/o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*

Configuration 13:

cpe:/o:siemens:simatic_cp_1543sp-1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*

Configuration 14:

cpe:/o:siemens:simatic_net_cp1243-7_lte_eu_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*

Configuration 15:

cpe:/o:siemens:simatic_cp_1243-7_lte/us_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_cp_1243-7_lte/us:-:*:*:*:*:*:*:*

Configuration 16:

cpe:/o:siemens:simatic_cp_1542sp-1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*

Configuration 17:

cpe:/o:siemens:scalance_sc636-2c_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*

Configuration 18:

cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*

Configuration 19:

cpe:/o:siemens:scalance_sc642-2c_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*

Configuration 20:

cpe:/o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:* (Version < 2.3)

AND

cpe:/h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*

Configuration 21:

cpe:/o:siemens:scalance_sc622-2c_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*

Configuration 22:

cpe:/o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*

Configuration 23:

cpe:/o:siemens:siplus_s7-1200_cp_1243-1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*

Configuration 24:

cpe:/o:siemens:siplus_net_cp_1543-1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 25:

cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:strongswan:strongswan:5.6.0:*:*:*:*:*:*:*

OR cpe:/a:strongswan:strongswan:5.7.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7443	P	autoyast2-4.5.13-150500.1.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7487	P	e2fsprogs-1.46.4-150400.3.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7810	P	strongswan-5.9.7-150500.3.4 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51972	P	Security update for containerd (Important)	2022-12-13
oval:org.opensuse.security:def:791	P	Security update for ImageMagick (Moderate)	2022-10-01
oval:org.opensuse.security:def:3204	P	liblouis-data-2.6.4-6.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3504	P	gnome-settings-daemon-3.20.1-50.16.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3593	P	libfreetype6-2.6.3-7.15.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3692	P	libunwind-1.1-11.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94616	P	libXt-devel-1.1.5-2.24 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94834	P	strongswan-5.8.2-150400.17.24 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95223	P	strongswan-nm-5.8.2-150400.17.24 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95411	P	Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1 (Important)	2022-06-16
oval:org.opensuse.security:def:93293	P	(Moderate)	2022-05-05
oval:org.opensuse.security:def:100059	P	(Important)	2022-03-30
oval:org.opensuse.security:def:6204	P	Security update for lapack (Moderate)	2022-03-21
oval:org.opensuse.security:def:99748	P	(Important)	2022-02-18
oval:org.opensuse.security:def:102124	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:93140	P	(Important)	2022-01-25
oval:org.opensuse.security:def:113465	P	strongswan-5.9.4-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:111098	P	Security update for strongswan (Important)	2021-10-31
oval:org.opensuse.security:def:99155	P	(Moderate)	2021-10-27
oval:org.opensuse.security:def:30258	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:39497	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:73903	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:92205	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:102581	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:106438	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:9600	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:69740	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:64593	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:86672	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:33025	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:57115	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:82643	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:117509	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:23984	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:45344	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:92987	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:109247	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:10662	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:70802	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:105845	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:8849	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:68532	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:89208	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:59553	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:84684	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:126784	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:31292	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:55259	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:40914	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:76020	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:92400	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:102996	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:106725	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:9799	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:69939	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:99350	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:111751	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:64781	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:87489	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:33730	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:57518	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:83345	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:118332	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:29436	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:46220	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:1486	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:109662	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:10699	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:70839	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:101329	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:106040	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:9044	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:68576	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:89466	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:59811	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:85756	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:127181	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:31695	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:55961	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:95868	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:41790	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:76361	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:92599	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:102066	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:107995	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:10164	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:70304	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:99549	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:66952	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:88207	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:33988	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:58031	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:83465	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:119802	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:30138	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:51682	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:1784	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:38320	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:73715	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:92010	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:106239	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:9410	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:69550	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:98960	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:5863	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:60389	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:86159	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:32208	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:56081	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:96324	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:23694	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:43927	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:92798	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:102336	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:108790	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:10350	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:70490	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:105650	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:8663	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:67293	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:88524	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:34566	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:58848	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:84225	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:125617	P	Security update for strongswan (Important)	2021-10-19

BACK