Unrated severityNVD Advisory· Published Apr 16, 2014· Updated May 6, 2026
CVE-2014-2338
CVE-2014-2338
Description
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.
Affected products
57cpe:2.3:a:strongswan:strongswan:4.0.7:*:*:*:*:*:*:*+ 56 more
- cpe:2.3:a:strongswan:strongswan:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:5.1.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2014-04/msg00010.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-05/msg00064.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-05/msg00066.htmlnvd
- secunia.com/advisories/57823nvd
- www.debian.org/security/2014/dsa-2903nvd
- www.securityfocus.com/bid/66815nvd
News mentions
0No linked articles in our index yet.