CVE-2002-20001

{"id": "CVE-2002-20001", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-11-11T19:15:07.380", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://dheatattack.com", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://dheatattack.gitlab.io/", "source": "cve@mitre.org"}, {"url": "https://github.com/Balasys/dheater", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/mozilla/ssl-config-generator/issues/162", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/dheatattack/dheater", "source": "cve@mitre.org"}, {"url": "https://ieeexplore.ieee.org/document/10374117", "source": "cve@mitre.org"}, {"url": "https://support.f5.com/csp/article/K83120834", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol", "tags": ["Exploit", "Technical Description"], "source": "cve@mitre.org"}, {"url": "https://www.suse.com/support/kb/doc/?id=000020510", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE."}, {"lang": "es", "value": "El Protocolo de Acuerdo de Claves Diffie-Hellman permite a atacantes remotos (del lado del cliente) enviar n\u00fameros arbitrarios que en realidad no son claves p\u00fablicas, y desencadenar costosos c\u00e1lculos de exponenciaci\u00f3n modular DHE del lado del servidor, tambi\u00e9n se conoce como un ataque D(HE)ater. El cliente necesita muy pocos recursos de CPU y ancho de banda de red. El ataque puede ser m\u00e1s perturbador en los casos en los que un cliente puede exigir al servidor que seleccione su mayor tama\u00f1o de clave soportado. El escenario b\u00e1sico del ataque es que el cliente debe afirmar que s\u00f3lo puede comunicarse con DHE, y el servidor debe estar configurado para permitir DHE"}], "lastModified": "2024-04-23T07:15:41.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:balasys:dheater:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE3F88FC-F039-433B-9035-88F1691DA082"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70A029CD-2AC4-4877-B1A4-5C72B351BA27"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE73DAA2-9CCA-4BD6-B11A-9326F79D9ABB", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "475E283C-8F3C-4051-B9E8-349845F8C528", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "956AC9F3-2042-4C21-A5E4-D2D4334D2FC3", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E17DBD3E-F5AC-4A35-81E0-C4804CAD78F9", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "346B71B1-D583-4463-ADF8-BEE700B0CA3A", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2AA25BA-72C5-48A9-BDBC-CA108208011F", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "308B0070-6716-4754-A5E4-C3D70CAB376B", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F26AB06-7FEB-4A56-B722-DBDEEE628DB8", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE48C9C9-6B84-4A4A-963D-6DFE0C2FB312", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878CD8E6-6B9B-431D-BD15-F954C7B8076F", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D9DB9B9-2959-448E-9B59-C873584A0E11", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AF04191-019B-4BC9-A9A7-7B7AA9B5B7D1", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F62D754D-A4A1-4093-AB42-9F51C19976CA", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90084CD6-FA4B-4305-BC65-58237BAF714E", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC9D4626-915F-42E5-81E0-6F8271084773", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7056F1FA-24AC-4D9F-8DDC-B3CA4740BF5E", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_service_proxy:1.6.0:*:*:*:*:kubernetes:*:*", "vulnerable": true, "matchCriteriaId": "BC5AC8C7-92BA-48D4-81A1-F5323DA952A9"}, {"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E48AC50D-19B3-4E97-ADD2-B661BD891ED7", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B13C4244-BE15-4F2C-BBBA-35072571B041", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1B4FBF6-C23A-4BD2-ADFB-9617C03B603A", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "360D8842-2C55-450F-9AFA-09CA34B12598", "versionEndIncluding": "8.2.0", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA0B396A-B5CE-4337-A33A-EF58C4589CB3"}, {"criteria": "cpe:2.3:a:f5:f5os-a:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4A3C86A-CA2F-4AC8-A43E-765829A96147"}, {"criteria": "cpe:2.3:a:f5:f5os-a:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03E01235-F9B0-4CCF-AA08-FECF61C62B21"}, {"criteria": "cpe:2.3:a:f5:f5os-c:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BFAE8EC-9A5F-421D-990D-B6D454DECAEC", "versionEndIncluding": "1.3.2", "versionStartIncluding": "1.3.0"}, {"criteria": "cpe:2.3:a:f5:f5os-c:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC3EDB8D-5C16-49DF-BE48-C83744AD7788"}, {"criteria": "cpe:2.3:a:f5:f5os-c:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12FEEABD-9A4A-4A33-9B74-7B053352C47D"}, {"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42836A1C-81BB-4F80-9E32-EEE0DAA18D26"}, {"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA4D5EC6-8099-4D0A-AD6F-BA3B37C2EBD8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B3AD582-9909-4FF5-B541-571F18E22356", "versionEndExcluding": "10.06.0180", "versionStartIncluding": "10.06.0000"}, {"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21F81EB2-3916-4DC6-9600-B7FD17906B53", "versionEndExcluding": "10.07.0030", "versionStartIncluding": "10.07.0000"}, {"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71284AA8-9E0E-4B2F-8464-B49E1D6965B5", "versionEndExcluding": "10.08.0010", "versionStartIncluding": "10.08.0000"}, {"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F059E5A9-E613-4BE1-BF61-C477B3441175", "versionEndExcluding": "10.09.0002", "versionStartIncluding": "10.09.0000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7C2B56C-203F-4290-BCE7-8BD751DF9CEF"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF1DD310-3D31-4204-92E0-70C33EE44F08"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FCD1A83B-109B-4596-AE37-706751E2B57D"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1218AAA5-01ED-4D89-A7AE-A600356ABD46"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D6F748F-89E9-45FB-8BE7-2201E5EB2755"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8066A871-2683-4F74-9750-E73BF004209F"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8320:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10B5F18A-28B0-49B4-8374-C681C2B48D2A"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8325-32c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59B7E2D3-0B72-4A78-AEFA-F106FAD38156"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8325-48y8c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7E87A92B-4EE5-4235-A0DA-195F27841DBB"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-12c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6BC24E52-13C0-402F-9ABF-A1DE51719AEF"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-16y2c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "76EF979E-061A-42A3-B161-B835E92ED180"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-24xf2c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE04919C-9289-4FB3-938F-F8BB15EC6A74"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-32y4c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B630C64B-C474-477D-A80B-A0FB73ACCC49"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48xt4c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "53ABE8B8-A4F6-400B-A893-314BE24D06B8"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48y6c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C44383CC-3751-455E-B1AB-39B16F40DC76"}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B25A9CD2-5E5F-4BDB-8707-5D6941411A2B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62A933C5-C56E-485C-AD49-3B6A2C329131", "versionEndExcluding": "3.3.3"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7387F52-013D-432D-87D8-5D3ABD472C9E", "versionEndExcluding": "4.3.16", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8A23A5D-928A-4225-9C93-31E5DFE215A7", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}