Platform: linux
Component: libreswan
Fixed in: 3.29.1
CVE-2019-10155 describes a vulnerability in Libreswan, a widely used IPsec implementation. This flaw stems from a failure to properly verify integrity checks on encrypted IKEv1 informational exchange packets. While the packets are encrypted, the lack of integrity verification could lead to information disclosure. This vulnerability affects Libreswan versions prior to 3.29 and has been resolved in version 3.29.
An attacker exploiting CVE-2019-10155 could intercept and analyze IKEv1 informational exchange packets and gain access to sensitive data carried in them. Although the data is encrypted, the missing integrity verification means the packets could be manipulated without detection, which can lead to information leakage. The impact is rated LOW because of the specific nature of the flaw and because the attacker must be positioned to intercept and process IKEv1 traffic. It remains a concern in environments where IKEv1 is actively used and not otherwise secured.
CVE-2019-10155 was publicly disclosed on June 12, 2019. There is no indication of active exploitation or inclusion in the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a relatively low probability of exploitation in the wild. The vulnerability's LOW CVSS score further supports this assessment.
Exploit Status:
EPSS: 0.22% (45th percentile)
CVSS Vector:
The primary mitigation for CVE-2019-10155 is to upgrade Libreswan to version 3.29 or later. If upgrading is not immediately feasible, consider disabling IKEv1 if it is not essential for your environment. Review your IPsec configuration to ensure that only necessary IKEv1 traffic is permitted. Monitor Libreswan logs for any unusual activity related to IKEv1 exchanges. After upgrading, confirm the fix by initiating an IKEv1 exchange and verifying that integrity checks are functioning correctly.
Update Libreswan to version 3.29 or later. This update corrects the vulnerability in the processing of IKEv1 packets. Refer to the Libreswan website for instructions on how to update.
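The version check and the IKEv1 review above can be scripted. The following is an added example, not code from this advisory or from the Libreswan project. It assumes two things that should be verified against the installed release: that `ipsec --version` prints a banner of the form "Linux Libreswan X.Y ...", and that the `ikev2=` keyword in ipsec.conf behaves as described in the 3.x manual page, where only `ikev2=insist` refuses IKEv1 and `permit`, `propose`/`yes`, `no` and `never` all leave IKEv1 negotiable. The version threshold is 3.29, the release the text names as fixed; the configuration and banner below are constructed samples.

```shell
#!/bin/sh
# Added example: flag a Libreswan install older than the fixed release and list
# ipsec.conf connections that still allow IKEv1. Not from the advisory or project.

FIXED_VERSION="3.29"   # release named as fixed in the text above

# Extract "X.Y" or "X.Y.Z" from a banner such as "Linux Libreswan 3.27 (netkey) ...".
# The banner shape is an assumption; compare with `ipsec --version` on your host.
libreswan_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*Libreswan \([0-9][0-9.]*\).*/\1/p'
}

# True (exit 0) when dotted version $1 is greater than or equal to $2.
version_ge() {
    v1="$1"; v2="$2"; i=1
    while :; do
        a=$(printf '%s' "$v1" | cut -d. -f"$i")
        b=$(printf '%s' "$v2" | cut -d. -f"$i")
        if [ -z "$a" ] && [ -z "$b" ]; then return 0; fi
        a=${a:-0}; b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
}

# True when the banner names a Libreswan at or above FIXED_VERSION.
libreswan_is_fixed() {
    v=$(libreswan_version_from_banner "$1")
    [ -n "$v" ] && version_ge "$v" "$FIXED_VERSION"
}

# Print the conn names whose effective ikev2= value is not "insist".
# A "conn %default" section that precedes the others supplies the default value.
# Keyword semantics are an assumption taken from ipsec.conf(5) for the 3.x series.
conns_allowing_ikev1() {
    printf '%s\n' "$1" | awk '
        function flush() {
            if (name == "") return
            if (name == "%default") default_val = val
            else { eff = (val != "") ? val : default_val; if (eff != "insist") print name }
            name = ""; val = ""
        }
        /^[ \t]*#/ { next }
        /^[ \t]*conn[ \t]+/ { flush(); name = $2; next }
        /^[ \t]*ikev2[ \t]*=/ {
            split($0, kv, "=")
            sub(/#.*/, "", kv[2]); gsub(/[ \t]/, "", kv[2])
            val = kv[2]; next
        }
        END { flush() }
    '
}

# Constructed sample configuration (RFC 5737 documentation addresses).
SAMPLE_CONF='conn %default
    authby=secret
conn hq-to-branch
    ikev2=insist
    left=192.0.2.1
    right=198.51.100.7
conn legacy-branch
    ikev2=permit   # still negotiates IKEv1 with a peer that asks for it
    left=192.0.2.1
    right=203.0.113.9
conn no-ikev2-line
    left=192.0.2.1
    right=203.0.113.10
'

# Stand-alone usage: check the live host when ipsec is installed, else a constructed banner.
if command -v ipsec >/dev/null 2>&1; then
    banner=$(ipsec --version 2>/dev/null)
else
    banner='Linux Libreswan 3.28 (netkey) on 4.19.0'   # constructed sample banner
fi
if libreswan_is_fixed "$banner"; then echo "OK: $banner"; else echo "UPGRADE: $banner"; fi
echo "Connections still allowing IKEv1 in the sample config:"
conns_allowing_ikev1 "$SAMPLE_CONF"
```

Run the script on a host to get the version verdict; point `conns_allowing_ikev1` at the contents of the real ipsec.conf (and any files it includes) to list the connections to review or convert to `ikev2=insist` where IKEv1 is not essential.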
CVE-2019-10155 is a vulnerability in Libreswan versions before 3.29 where integrity checks on IKEv1 informational exchange packets are not properly verified, potentially leading to information disclosure.
You are affected if you are using Libreswan versions prior to 3.29. Check your Libreswan version and upgrade if necessary.
Upgrade Libreswan to version 3.29 or later. If upgrading is not possible, consider disabling IKEv1 if it's not essential.
There is no public evidence of active exploitation of CVE-2019-10155 at this time.
Refer to the Libreswan security advisory: https://www.libreswan.org/security/advisories/cve-2019-10155