CVE-2021-45079

Severity: Critical
Published: 31 January 2022
Modified: 21 November 2024
KEV Added: not listed (not in the CISA KEV catalog)
CVSS Score (v3.1): 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0011 (29.1st percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-45079 is a critical-severity NULL Pointer Dereference (CWE-476) vulnerability in strongSwan, tracked here for Canonical Ubuntu Linux (see Affected Assets for the other affected distributions). Its CVSS v3.1 base score is 9.1 (Critical).

Operationally, its EPSS score places it at the 29.1st percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

CWE(s): CWE-476 (NULL Pointer Dereference)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor          Product                                 Versions
strongswan      strongswan                              4.1.2 up to, but not including, 5.9.5 (the fixed release)
debian          debian linux                            9.0, 10.0, 11.0
fedoraproject   extra packages for enterprise linux     7.0, 8.0, 9.0
fedoraproject   fedora                                  34, 35
canonical       ubuntu linux                            14.04, 16.04, 18.04, 20.04, 21.10

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
