MidnightBSD

Advisories for balasys

CVE-2002-20001 MEDIUM

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_link_controller *
f5 traffix_sdc 5.1.0
f5 f5os-a 1.8.0
f5 big-ip_fraud_protection_service 17.5.0
f5 big-iq_centralized_management *
f5 traffix_signaling_delivery_controller 5.1.0
f5 big-ip_local_traffic_manager 17.5.0
f5 big-iq_centralized_management 7.1.0
f5 big-ip_link_controller 17.5.0
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager 17.5.0
f5 big-ip_global_traffic_manager 17.5.0
f5 big-ip_analytics *
suse linux_enterprise_server 12
hpe arubaos-cx *
f5 big-ip_local_traffic_manager *
f5 big-ip_websafe 17.5.0
f5 big-ip_analytics 17.5.0
f5 f5os-a *
f5 f5os-a 1.3.0
f5 big-ip_ssl_orchestrator *
f5 big-ip_application_visibility_and_reporting *
stormshield stormshield_management_center *
f5 big-ip_ssl_orchestrator 17.5.0
balasys dheater -
suse linux_enterprise_server 15
f5 f5os-c 1.5.1
f5 f5os-a 1.3.1
f5 big-ip_application_visibility_and_reporting 17.5.0
f5 big-ip_global_traffic_manager *
f5 f5os-c *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_edge_gateway 17.5.0
f5 big-ip_webaccelerator 17.5.0
f5 big-ip_ddos_hybrid_defender 17.5.0
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system 17.5.0
f5 f5os-c 1.8.1
f5 big-ip_advanced_web_application_firewall 17.5.0
f5 big-ip_service_proxy 1.6.0
stormshield stormshield_network_security *
f5 big-ip_websafe *
f5 traffix_sdc 5.2.0
suse linux_enterprise_server 11
f5 big-ip_carrier-grade_nat 17.5.0
f5 big-ip_application_security_manager *
f5 f5os-c 1.5.0
siemens scalance_w1750d_firmware *
f5 big-ip_webaccelerator *
f5 big-ip_application_acceleration_manager 17.5.0
f5 big-ip_carrier-grade_nat *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_fraud_protection_service *
f5 traffix_signaling_delivery_controller 5.2.0
f5 big-ip_application_security_manager 17.5.0
f5 big-ip_advanced_firewall_manager 17.5.0
f5 f5os-c 1.8.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *