4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.2%
Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks.
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389)
It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode however, only an online attack against PSK authentication was thought to be feasible.
An attacker may be able to recover a weak Pre-Shared Key.
Use Secure Passwords
Use cryptographically secure PSK values that resist brute force or dictionary attacks.
As mentioned in USENIX '18 presentation
> To counter these attacks, both entry points must be closed: Only high entropy PSKs should be used, and both PKE and RPKE modes should be deactivated in all IKE devices. It is not sufficient to configure key sep- aration on the sender side. All receivers must also be informed about this key separation – novel solutions are required to achieve this task.
Thanks to Martin Grothe, Joerg Schwenk, and Dennis Felsch for reporting this vulnerability.
This document was written by Trent Novelly.
857035
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Notified: 2018-07-18 Updated: 2018-08-17 CVE-2018-5389 | Not Affected |
---|
We have not received a statement from the vendor.
Updated: 2024-06-24 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
F5 had published a security advisory related to this vulnerability, more information can be found here: https://my.f5.com/manage/s/article/K42378447
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2018-07-18 Updated: 2018-07-18 CVE-2018-5389 | Unknown |
---|
We have not received a statement from the vendor.
View all 142 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 8.8 | AV:N/AC:M/Au:N/C:C/I:C/A:N |
Temporal | 7.9 | E:POC/RL:U/RC:– |
Environmental | 7.9 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
CVE IDs: | CVE-2018-5389 |
---|---|
API URL: | VINCE JSON |
Date Public: | 2018-08-14 Date First Published: |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.2%