
Cloud Vulnerability DB
A community-led vulnerabilities database
strongSwan versions 5.9.2 through 5.9.5 are affected by an authorization bypass vulnerability caused by improper validation of a certificate with host mismatch. The vulnerability was discovered in May 2024 and affects the implementation of the TLS-based EAP methods in strongSwan. A fix was released in strongSwan version 5.9.6 in August 2022 (StrongSwan Blog, NVD).
The vulnerability occurs when certificates are used to authenticate clients in TLS-based EAP methods: the IKE or EAP identity supplied by a client is not required to match an identity contained in the client's certificate. The issue was introduced together with TLS 1.3 support in version 5.9.2, where the server-side lookup for trusted client certificates was refactored to use the client certificate's subject DN instead of the supplied IKE or EAP identity. The vulnerability has been assigned a CVSS v3.1 base score of 7.7 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N (StrongSwan Blog, CVE).
As a result, a client holding any trusted certificate can authenticate and claim an arbitrary IKE/EAP identity as its own. This becomes problematic when the identity is used to make policy decisions, either through strongSwan's configuration or via plugins or scripts that match on the identity, since it could affect access control to different networks or other policy-based decisions. Remote code execution is not possible through this vulnerability (StrongSwan Blog).
Systems running strongSwan versions older than 5.9.2 or newer than 5.9.5 are not affected. For affected versions, patches that fix the vulnerability are available, and the issue is permanently fixed in strongSwan version 5.9.6. Setups that do not match on client identities when using TLS-based EAP methods are also not vulnerable, because clients still need to present a trusted certificate (StrongSwan Blog).
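The following Python example is added here to illustrate the authorization logic described above; it is not strongSwan code. It models a server that looks up trusted client certificates by subject DN (the refactored 5.9.2 behaviour), shows how a claimed identity then reaches a policy decision unchecked, and contrasts it with a lookup that additionally requires the claimed identity to appear in the certificate. The certificate records, trust store, identity-to-network policy and version-range helper are all constructed for the example; real certificate parsing and chain validation are assumed to have happened already.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# --- constructed data for the example (not from strongSwan) -------------

@dataclass
class ClientCert:
    """Minimal stand-in for an already chain-validated client certificate."""
    subject_dn: str
    san_names: List[str] = field(default_factory=list)

# Trust store keyed on subject DN, as the advisory describes for 5.9.2-5.9.5.
TRUSTED_CERTS: Dict[str, ClientCert] = {
    "CN=alice, O=Example": ClientCert(
        "CN=alice, O=Example", ["alice@example.test"]),
    "CN=admin, O=Example": ClientCert(
        "CN=admin, O=Example", ["admin@example.test"]),
}

# Policy that matches on the authenticated identity (the risky pattern).
NETWORK_POLICY: Dict[str, str] = {
    "alice@example.test": "user-net",
    "admin@example.test": "mgmt-net",
}

# --- version range from the advisory ------------------------------------

def parse_version(version: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in version.split("."))

def is_affected_version(version: str) -> bool:
    """True for 5.9.2 <= version <= 5.9.5 (the range stated in the advisory)."""
    return (5, 9, 2) <= parse_version(version) <= (5, 9, 5)

# --- authorization decisions --------------------------------------------

def identity_in_cert(identity: str, cert: ClientCert) -> bool:
    """Hypothetical helper: identity must be the subject DN or a SAN entry."""
    return identity == cert.subject_dn or identity in cert.san_names

def authenticate_by_subject_only(claimed_identity: str,
                                 cert: ClientCert) -> Optional[str]:
    """Lookup keyed on subject DN; the claimed identity is accepted as-is.
    This mirrors the behaviour the advisory attributes to 5.9.2-5.9.5."""
    if cert.subject_dn not in TRUSTED_CERTS:
        return None                      # untrusted certificate: rejected
    return claimed_identity              # identity never checked against cert

def authenticate_with_identity_check(claimed_identity: str,
                                     cert: ClientCert) -> Optional[str]:
    """Same lookup, but the claimed identity must be contained in the cert."""
    trusted = TRUSTED_CERTS.get(cert.subject_dn)
    if trusted is None:
        return None
    if not identity_in_cert(claimed_identity, trusted):
        return None                      # mismatch: authentication fails
    return claimed_identity

def assigned_network(identity: Optional[str]) -> Optional[str]:
    """Policy step that trusts the authenticated identity."""
    if identity is None:
        return None
    return NETWORK_POLICY.get(identity)

if __name__ == "__main__":
    alice = TRUSTED_CERTS["CN=alice, O=Example"]
    # Alice's certificate presented together with the admin identity.
    weak = assigned_network(
        authenticate_by_subject_only("admin@example.test", alice))
    strict = assigned_network(
        authenticate_with_identity_check("admin@example.test", alice))
    print("subject-only lookup assigns:", weak)      # mgmt-net
    print("identity-checked lookup assigns:", strict)  # None
```

The point of the two `authenticate_*` functions is that both reject an untrusted certificate, so the weakness is invisible to any check that only tests "does an unknown certificate get in". It only shows when the authenticated identity feeds a policy decision, which is exactly the condition the advisory names; deployments that make no identity-based decisions get the same result from both paths.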
Source: This report was generated using AI