Libreswan Popular VPN Software Vulnerability - 20240419004 (#656)
* SolarWinds Releases Patches for Access Rights Manager vulnerabilities - 20240219001

* Format markdown files

* Format markdown files

* Junos OS RCE Vulnerability - 20240226002

* Format markdown files

* Windows Themes Spoofing Vulnerability - 20240308003

* Format markdown files

* Windows Themes Spoofing Vulnerability - 20240308003 - edited

* Akamai Kubernetes Vulnerability - 20240318002

* Format markdown files

* CISA Releases Multiple Critical Infrastructure Related Advisories - 20240327001

* Format markdown files

* PGAdmin Remote Code Execution Vulnerability - 20240408001

* Format markdown files

* Update 20240408001-PGAdmin-Remote-Code-Execution-Vulnerability.md

Fixing tables

* Format markdown files

* Palo Alto Networks PAN-OS Command Injection Vulnerability added to CISA Known Exploited Catalog - 20240415001

* Format markdown files

* Palo Alto Networks PAN-OS Command Injection Vulnerability added to CISA Known Exploited Catalog - 20240415001

* Format markdown files

* Update 20240415001-PaloAlto-Networks-PAN-OS-Command-Injection-Vulnerability-added-to-CISA-Known-Exploited-Catalog.md

Added older versions updates and Zero day notes

* Format markdown files

* Google Chrome Multiple RCE Vulnerabilities - 20240418002

* Format markdown docs

* Remove duplicate 20240415001-PaloAlto

* Update 20240418002-Google-Chrome-Multiple-RCE-Vulnerabilities.md

Reviewed and Approved

* Format markdown docs

* Libreswan Popular VPN Software Vulnerability - 20240419004

* Format markdown docs

* Update 20240419004-Libreswan-Popular-VPN-Software-Vulnerability.md

Fix table

---------

Co-authored-by: GitHub Actions <[email protected]>
Co-authored-by: Joshua Hitchen (DGov) <[email protected]>
Co-authored-by: LSerki <[email protected]>
Co-authored-by: DGovEnterprise <[email protected]>
5 people authored Apr 19, 2024
1 parent 5c162eb commit 4bebc0a
Showing 1 changed file with 17 additions and 0 deletions.
@@ -0,0 +1,17 @@
# Libreswan Popular VPN Software Vulnerability - 20240419004

## Overview

The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts.

## What is vulnerable?

| CVE | Severity | CVSS | Product(s) Affected |
| --------------------------------------------------------------- | -------- | ---- | ------------------------- |
| [CVE-2024-3652](https://nvd.nist.gov/vuln/detail/CVE-2024-3652) | **High** | 7.5 | **Libreswan 3.22 - 4.14** |

## Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)):

- https://libreswan.org/security/CVE-2024-3652/
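
Review bot: The "What is vulnerable?" table and the Recommendation give administrators no way to tell whether a particular deployment is exposed, and no fixed release to upgrade to. The Overview already states the trigger ("using IKEv1 without specifying an esp= line" and a peer requesting AES-GMAC), so consider repeating that condition beside the affected range "Libreswan 3.22 - 4.14" and adding the fixed release from the linked vendor advisory, so readers can triage without leaving the page. In the Overview, "causes an assertion failure and crashes and restarts" would read better as one statement of impact (the daemon hits an assertion failure and restarts), and in the Recommendation "within expected timeframe" is missing an article.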
