NewStart CGSL MAIN 6.06 : libreswan Multiple Vulnerabilities (NS-SA-2025-0243)

Severity: High. Nessus Plugin ID: 323228

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.06, has libreswan packages installed that are affected by multiple vulnerabilities:

- pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. (CVE-2023-30570)

- Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054. (CVE-2013-2052)

- Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet. (CVE-2013-4564)

- Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. (CVE-2013-6467)

- libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK. (CVE-2015-3204)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL libreswan packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/info/CVE-2013-2052

https://security.gd-linux.com/info/CVE-2013-4564

https://security.gd-linux.com/info/CVE-2013-6467

https://security.gd-linux.com/info/CVE-2015-3204

https://security.gd-linux.com/info/CVE-2015-3240

https://security.gd-linux.com/info/CVE-2016-3071

https://security.gd-linux.com/info/CVE-2016-5391

https://security.gd-linux.com/info/CVE-2023-30570

https://security.gd-linux.com/info/CVE-2024-2357

https://security.gd-linux.com/info/CVE-2024-3652

https://security.gd-linux.com/notice/NS-SA-2025-0243

Plugin Details

Severity: High

ID: 323228

File Name: newstart_cgsl_NS-SA-2025-0243_libreswan.nasl

Version: 1.1

Type: Local

Published: 6/27/2026

Updated: 6/27/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-2052

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2023-30570

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:libreswan, cpe:/o:zte:cgsl_main:6

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/26/2026

Vulnerability Publication Date: 5/13/2013

Reference Information

CVE: CVE-2013-2052, CVE-2013-4564, CVE-2013-6467, CVE-2015-3204, CVE-2015-3240, CVE-2016-3071, CVE-2016-5391, CVE-2023-30570, CVE-2024-2357, CVE-2024-3652

IAVA: 2024-A-0255