FreeBSD : FreeBSD -- Missing IPsec anti-replay window check (5797c807-4279-11ea-b184-f8b156ac3ff9)

High Nessus Plugin ID 133709

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint. Impact : The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause an action that was intentionally performed once to be repeated.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?0eca2786

Plugin Details

Severity: High

ID: 133709

File Name: freebsd_pkg_5797c807427911eab184f8b156ac3ff9.nasl

Version: 1.5

Type: local

Published: 2020/02/14

Updated: 2020/05/08

Dependencies: 12634

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/01/29

Vulnerability Publication Date: 2020/01/28

Reference Information

CVE: CVE-2019-5613

FreeBSD: SA-20:02.ipsec

IAVA: 2020-A-0048-S