FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Missing IPsec anti-replay window check

Affected packages
12.0 <= FreeBSD-kernel < 12.0_13


VuXML ID 5797c807-4279-11ea-b184-f8b156ac3ff9
Discovery 2020-01-28
Entry 2020-01-29

Problem Description:

A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint.


The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause an action that was intentionally performed once to be repeated.


CVE Name CVE-2019-5613
FreeBSD Advisory SA-20:02.ipsec