5.9

CVE-2018-5389

Exploit

EPSS 0.45%
Published 06.09.2018 21:29:00
Last modified 21.11.2024 04:08:43
Source cret@cert.org
Teams watchlist Login
Open Login

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Ietf ≫ Internet Key Exchange Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.45%	0.63

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key

Third Party Advisory

https://my.f5.com/manage/s/article/K42378447

https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html

Third Party Advisory

Exploit

https://www.kb.cert.org/vuls/id/857035

Third Party Advisory

US Government Resource

https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-5389

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5389

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5389

EUVD