CVE-2002-20001
Last modified
CVE-2002-20001 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. EPSS estimates a 23.06% chance of exploitation in the next 30 days.
Description
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Balasys | Dheater | All versions |
| Siemens | Scalance W1750d Firmware | All versions |
| Suse | Linux Enterprise Server | 11 |
| Suse | Linux Enterprise Server | 12 |
| Suse | Linux Enterprise Server | 15 |
| F5 | Big-Ip Access Policy Manager | >= 13.1.0, < 16.1.4 |
| F5 | Big-Ip Access Policy Manager | >= 17.0.0, < 17.1.0 |
| F5 | Big-Ip Advanced Firewall Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Advanced Firewall Manager | 17.5.0 |
| F5 | Big-Ip Advanced Web Application Firewall | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Advanced Web Application Firewall | 17.5.0 |
| F5 | Big-Ip Analytics | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Analytics | 17.5.0 |
| F5 | Big-Ip Application Acceleration Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Application Acceleration Manager | 17.5.0 |
| F5 | Big-Ip Application Security Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Application Security Manager | 17.5.0 |
| F5 | Big-Ip Application Visibility And Reporting | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Application Visibility And Reporting | 17.5.0 |
| F5 | Big-Ip Carrier-Grade Nat | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Carrier-Grade Nat | 17.5.0 |
| F5 | Big-Ip Ddos Hybrid Defender | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Ddos Hybrid Defender | 17.5.0 |
| F5 | Big-Ip Domain Name System | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Domain Name System | 17.5.0 |
| F5 | Big-Ip Edge Gateway | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Edge Gateway | 17.5.0 |
| F5 | Big-Ip Fraud Protection Service | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Fraud Protection Service | 17.5.0 |
| F5 | Big-Ip Global Traffic Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Global Traffic Manager | 17.5.0 |
| F5 | Big-Ip Link Controller | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Link Controller | 17.5.0 |
| F5 | Big-Ip Local Traffic Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Local Traffic Manager | 17.5.0 |
| F5 | Big-Ip Policy Enforcement Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Policy Enforcement Manager | 17.5.0 |
| F5 | Big-Ip Service Proxy | 1.6.0 |
| F5 | Big-Ip Ssl Orchestrator | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Ssl Orchestrator | 17.5.0 |
| F5 | Big-Ip Webaccelerator | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Webaccelerator | 17.5.0 |
| F5 | Big-Ip Websafe | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Websafe | 17.5.0 |
| F5 | Big-Iq Centralized Management | >= 8.0.0, <= 8.4.0 |
| F5 | Big-Iq Centralized Management | 7.1.0 |
| F5 | Traffix Signaling Delivery Controller | 5.1.0 |
| F5 | Traffix Signaling Delivery Controller | 5.2.0 |
| F5 | F5os-A | >= 1.3.0, <= 1.3.2 |
| F5 | F5os-A | >= 1.5.0, <= 1.5.3 |
Showing 50 of 64 affected configurations. See NVD for the full list.
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdfThird Party Advisory
- https://dheatattack.comThird Party Advisory
- https://dheatattack.gitlab.io/Third Party Advisory
- https://github.com/Balasys/dheaterProduct, Third Party Advisory
- https://gitlab.com/dheatattack/dheaterThird Party Advisory
- https://ieeexplore.ieee.org/document/10374117Technical Description, Third Party Advisory
- https://support.f5.com/csp/article/K83120834Third Party Advisory
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txtTechnical Description, Third Party Advisory
- https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/Third Party Advisory
- https://www.suse.com/support/kb/doc/?id=000020510Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdfThird Party Advisory
- https://dheatattack.comThird Party Advisory
- https://dheatattack.gitlab.io/Third Party Advisory
- https://github.com/Balasys/dheaterProduct, Third Party Advisory
- https://gitlab.com/dheatattack/dheaterThird Party Advisory
- https://ieeexplore.ieee.org/document/10374117Technical Description, Third Party Advisory
- https://support.f5.com/csp/article/K83120834Third Party Advisory
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txtTechnical Description, Third Party Advisory
- https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/Third Party Advisory
- https://www.suse.com/support/kb/doc/?id=000020510Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2002-20001?
How severe is CVE-2002-20001?
How do I fix CVE-2002-20001?
Are you affected by CVE-2002-20001?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST