CVE-2018-5389

2018-09-0621:29:00

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.

OSVersionArchitecturePackageVersionFilename
Debian10allisakmpd<= 20041012-8isakmpd_20041012-8_all.deb
Debian12alllibreswan<= 4.10-2+deb12u1libreswan_4.10-2+deb12u1_all.deb
Debian11alllibreswan<= 4.3-1+deb11u4libreswan_4.3-1+deb11u4_all.deb
Debian10alllibreswan<= 3.27-6+deb10u1libreswan_3.27-6+deb10u1_all.deb
Debian999alllibreswan<= 4.14-1libreswan_4.14-1_all.deb
Debian13alllibreswan<= 4.14-1libreswan_4.14-1_all.deb
Debian12allstrongswan<= 5.9.8-5+deb12u1strongswan_5.9.8-5+deb12u1_all.deb
Debian11allstrongswan<= 5.9.1-1+deb11u4strongswan_5.9.1-1+deb11u4_all.deb
Debian10allstrongswan<= 5.7.2-1+deb10u2strongswan_5.7.2-1+deb10u2_all.deb
Debian999allstrongswan<= 5.9.13-2strongswan_5.9.13-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	isakmpd	<= 20041012-8	isakmpd_20041012-8_all.deb
Debian	12	all	libreswan	<= 4.10-2+deb12u1	libreswan_4.10-2+deb12u1_all.deb
Debian	11	all	libreswan	<= 4.3-1+deb11u4	libreswan_4.3-1+deb11u4_all.deb
Debian	10	all	libreswan	<= 3.27-6+deb10u1	libreswan_3.27-6+deb10u1_all.deb
Debian	999	all	libreswan	<= 4.14-1	libreswan_4.14-1_all.deb
Debian	13	all	libreswan	<= 4.14-1	libreswan_4.14-1_all.deb
Debian	12	all	strongswan	<= 5.9.8-5+deb12u1	strongswan_5.9.8-5+deb12u1_all.deb
Debian	11	all	strongswan	<= 5.9.1-1+deb11u4	strongswan_5.9.1-1+deb11u4_all.deb
Debian	10	all	strongswan	<= 5.7.2-1+deb10u2	strongswan_5.7.2-1+deb10u2_all.deb
Debian	999	all	strongswan	<= 5.9.13-2	strongswan_5.9.13-2_all.deb