strongSwan Vulnerability (CVE-2023-26463)

Question

Has this been addressed in 19.0 MR2 or 19.5 MR1? Didn't find it in the Release Notes regarding IPsec.

LuCar Toni · Accepted Answer

Unlikely, SFOS is affected by this new vulnerability. 
 Linux strongSwan U5.5.3/K4.14.277 
 Used Version in SFOS. 
 Strongswan stated, the affected versions are the two last versions: https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html 
 Regardless, you should create a support case.

Giridhar Katti · Answer

Our version is 5.6.3. 
 The below CVE mentions affected version as 5.9, so we are not affected by this. 
 
 strongSwan Vulnerability (CVE-2023-26463) 
 Mar 02, 2023 
 A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected.

strongSwan Vulnerability (CVE-2023-26463)

Top Replies