cvedb.io
CVE-2021-45079
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2022-01-31T08:15:07.307 · Last modified 2026-06-17T04:13:08.283

Summary

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

Affected products

strongswan — strongswan

Does this affect you?

Add your gear to cvedb and we'll alert you only when strongswan ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.