CVE-2018-0131
 
Descriptions
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability by sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.
SSVC
- Decision: -
Timeline
- 2017-11-27 CVE Reserved
- 2018-08-14 CVE Published
- 2024-02-13 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-326: Inadequate Encryption Strength
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/105074 | Third Party Advisory | |
http://www.securitytracker.com/id/1041539 | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | IOS | 15.5(3)s | - | Affected |
Cisco | IOS XE | 15.5(3)s | - | Affected |