cve-2019-5613
Vulnerability from cvelistv5
Published
2020-02-18 15:26
Modified
2024-08-04 20:01
Severity ?
Summary
In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated.
References
secteam@freebsd.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.ascPatch, Vendor Advisory
Impacted products
n/aFreeBSD
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:51.762Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeBSD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "12.0 before 12.0-RELEASE-p13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper check for unusual conditions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-18T15:26:45",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.asc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "ID": "CVE-2019-5613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FreeBSD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.0 before 12.0-RELEASE-p13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper check for unusual conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.asc",
              "refsource": "MISC",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.asc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2019-5613",
    "datePublished": "2020-02-18T15:26:45",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-08-04T20:01:51.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5613\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2020-02-18T16:15:11.173\",\"lastModified\":\"2020-03-05T16:44:42.257\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated.\"},{\"lang\":\"es\",\"value\":\"En FreeBSD versiones 12.0-RELEASE anteriores a 12.0-RELEASE-p13, una falta de comprobaci\u00f3n en el procesador de paquetes ipsec, permite que una reinyecci\u00f3n de un paquete antiguo sea aceptada por parte del endpoint de ipsec. Dependiendo del protocolo de nivel superior en uso mediante ipsec, esto podr\u00eda permitir una acci\u00f3n sea repetida.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"826B53C2-517F-4FC6-92E8-E7FCB24F91B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F10A46-AEF2-4FDD-92D6-0CF07B70F986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C7B8FCA-2170-469A-B6D6-2C6AB254F20F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94067A1-5C68-4401-A7B6-29B4FE553733\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"87EE567B-7604-41CC-B0A7-B51255D4C240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1AD57A9-F53A-4E40-966E-F2F50852C5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4029113-130F-4A33-A8A0-BC3E74000378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"46C5A6FD-7BBF-4E84-9895-8EE14DC846E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"882669AB-BCFC-4517-A3E9-33D344F1ED0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC3D24FB-50A2-4E37-A479-AF21F8ECD706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"3070787D-76E1-4671-B99D-213F7103B3A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"0140276F-9C31-4B5C-A5AC-DE0EBB885275\"}]}]}],\"references\":[{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.