7.5
CVE-2002-20001
- EPSS 14.68%
- Published 11.11.2021 19:15:07
- Last modified 22.08.2025 10:33:16
- Source cve@mitre.org
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
Data provided by the National Vulnerability Database (NVD)
Suse ≫ Linux Enterprise Server Version 11 Update -
Suse ≫ Linux Enterprise Server Version 12 Update -
Suse ≫ Linux Enterprise Server Version 15
F5 ≫ Big-ip Access Policy Manager Version >= 13.1.0 < 16.1.4
F5 ≫ Big-ip Access Policy Manager Version >= 17.0.0 < 17.1.0
F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Advanced Firewall Manager Version 17.5.0
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Advanced Web Application Firewall Version 17.5.0
F5 ≫ Big-ip Analytics Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Analytics Version 17.5.0
F5 ≫ Big-ip Application Acceleration Manager Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Application Acceleration Manager Version 17.5.0
F5 ≫ Big-ip Application Security Manager Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Application Security Manager Version 17.5.0
F5 ≫ Big-ip Application Visibility And Reporting Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Application Visibility And Reporting Version 17.5.0
F5 ≫ Big-ip Carrier-grade Nat Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Carrier-grade Nat Version 17.5.0
F5 ≫ Big-ip Ddos Hybrid Defender Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Ddos Hybrid Defender Version 17.5.0
F5 ≫ Big-ip Domain Name System Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Domain Name System Version 17.5.0
F5 ≫ Big-ip Edge Gateway Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Edge Gateway Version 17.5.0
F5 ≫ Big-ip Fraud Protection Service Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Fraud Protection Service Version 17.5.0
F5 ≫ Big-ip Global Traffic Manager Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Global Traffic Manager Version 17.5.0
F5 ≫ Big-ip Link Controller Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Link Controller Version 17.5.0
F5 ≫ Big-ip Local Traffic Manager Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Local Traffic Manager Version 17.5.0
F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Policy Enforcement Manager Version 17.5.0
F5 ≫ Big-ip Service Proxy Version 1.6.0 SwPlatform kubernetes
F5 ≫ Big-ip Ssl Orchestrator Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Ssl Orchestrator Version 17.5.0
F5 ≫ Big-ip Webaccelerator Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Webaccelerator Version 17.5.0
F5 ≫ Big-ip Websafe Version >= 13.1.0 <= 17.1.2
F5 ≫ Big-ip Websafe Version 17.5.0
F5 ≫ Big-iq Centralized Management Version >= 8.0.0 <= 8.4.0
F5 ≫ Big-iq Centralized Management Version 7.1.0
F5 ≫ Traffix Signaling Delivery Controller Version 5.1.0
F5 ≫ Traffix Signaling Delivery Controller Version 5.2.0
Hpe ≫ Arubaos-cx Version >= 10.06.0000 < 10.06.0180
Hpe ≫ Aruba Cx 4100i Version -
Hpe ≫ Aruba Cx 6100 Version -
Hpe ≫ Aruba Cx 6200f Version -
Hpe ≫ Aruba Cx 6200m Version -
Hpe ≫ Aruba Cx 6300f Version -
Hpe ≫ Aruba Cx 6300m Version -
Hpe ≫ Aruba Cx 6405 Version -
Hpe ≫ Aruba Cx 6410 Version -
Hpe ≫ Aruba Cx 8320 Version -
Hpe ≫ Aruba Cx 8325-32c Version -
Hpe ≫ Aruba Cx 8325-48y8c Version -
Hpe ≫ Aruba Cx 8360-12c Version -
Hpe ≫ Aruba Cx 8360-16y2c Version -
Hpe ≫ Aruba Cx 8360-24xf2c Version -
Hpe ≫ Aruba Cx 8360-32y4c Version -
Hpe ≫ Aruba Cx 8360-48xt4c Version -
Hpe ≫ Aruba Cx 8360-48y6c Version -
Hpe ≫ Aruba Cx 8400 Version -
Hpe ≫ Arubaos-cx Version >= 10.07.0000 < 10.07.0030
Hpe ≫ Aruba Cx 4100i Version -
Hpe ≫ Aruba Cx 6100 Version -
Hpe ≫ Aruba Cx 6200f Version -
Hpe ≫ Aruba Cx 6200m Version -
Hpe ≫ Aruba Cx 6300f Version -
Hpe ≫ Aruba Cx 6300m Version -
Hpe ≫ Aruba Cx 6405 Version -
Hpe ≫ Aruba Cx 6410 Version -
Hpe ≫ Aruba Cx 8320 Version -
Hpe ≫ Aruba Cx 8325-32c Version -
Hpe ≫ Aruba Cx 8325-48y8c Version -
Hpe ≫ Aruba Cx 8360-12c Version -
Hpe ≫ Aruba Cx 8360-16y2c Version -
Hpe ≫ Aruba Cx 8360-24xf2c Version -
Hpe ≫ Aruba Cx 8360-32y4c Version -
Hpe ≫ Aruba Cx 8360-48xt4c Version -
Hpe ≫ Aruba Cx 8360-48y6c Version -
Hpe ≫ Aruba Cx 8400 Version -
Hpe ≫ Arubaos-cx Version >= 10.08.0000 < 10.08.0010
Hpe ≫ Aruba Cx 4100i Version -
Hpe ≫ Aruba Cx 6100 Version -
Hpe ≫ Aruba Cx 6200f Version -
Hpe ≫ Aruba Cx 6200m Version -
Hpe ≫ Aruba Cx 6300f Version -
Hpe ≫ Aruba Cx 6300m Version -
Hpe ≫ Aruba Cx 6405 Version -
Hpe ≫ Aruba Cx 6410 Version -
Hpe ≫ Aruba Cx 8320 Version -
Hpe ≫ Aruba Cx 8325-32c Version -
Hpe ≫ Aruba Cx 8325-48y8c Version -
Hpe ≫ Aruba Cx 8360-12c Version -
Hpe ≫ Aruba Cx 8360-16y2c Version -
Hpe ≫ Aruba Cx 8360-24xf2c Version -
Hpe ≫ Aruba Cx 8360-32y4c Version -
Hpe ≫ Aruba Cx 8360-48xt4c Version -
Hpe ≫ Aruba Cx 8360-48y6c Version -
Hpe ≫ Aruba Cx 8400 Version -
Hpe ≫ Arubaos-cx Version >= 10.09.0000 < 10.09.0002
Hpe ≫ Aruba Cx 4100i Version -
Hpe ≫ Aruba Cx 6100 Version -
Hpe ≫ Aruba Cx 6200f Version -
Hpe ≫ Aruba Cx 6200m Version -
Hpe ≫ Aruba Cx 6300f Version -
Hpe ≫ Aruba Cx 6300m Version -
Hpe ≫ Aruba Cx 6405 Version -
Hpe ≫ Aruba Cx 6410 Version -
Hpe ≫ Aruba Cx 8320 Version -
Hpe ≫ Aruba Cx 8325-32c Version -
Hpe ≫ Aruba Cx 8325-48y8c Version -
Hpe ≫ Aruba Cx 8360-12c Version -
Hpe ≫ Aruba Cx 8360-16y2c Version -
Hpe ≫ Aruba Cx 8360-24xf2c Version -
Hpe ≫ Aruba Cx 8360-32y4c Version -
Hpe ≫ Aruba Cx 8360-48xt4c Version -
Hpe ≫ Aruba Cx 8360-48y6c Version -
Hpe ≫ Aruba Cx 8400 Version -
Stormshield ≫ Stormshield Management Center Version < 3.3.3
Stormshield ≫ Stormshield Network Security Version >= 2.7.0 < 4.3.16
Stormshield ≫ Stormshield Network Security Version >= 4.4.0 < 4.6.3
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 14.68% | 0.942 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.