CVE-2021-45079
CVE Details
Last Update
7/16/2024
NIST CVE Summary
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
Our Official Summary
This is a false positive reported by Twistlock. We have confirmed that this CVE is fixed in the FIPS package version 5.8.2-1ubuntu3.fips.3.6 that is being used in VerteX. To review the details, see https://ubuntu.com/security/CVE-2021-45079.
CVE Severity
Status
Ongoing