CVE-2021-45079

CVE Details

Last Update

7/16/2024

NIST CVE Summary

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

Our Official Summary

This is a false positive reported by Twistlock. We have confirmed this CVE is fixed in the FIPS package version 5.8.2-1ubuntu3.fips.3.6 that is being used in VerteX. Review: You can learn more at https://ubuntu.com/security/CVE-2021-45079.

CVE Severity

9.1

Status

Ongoing