1321 matches found
CVE-2024-54847
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman DH parameters and access sensitive data or execute a man-in-the-middle attack...
CP Plus CP-VNR-3104 Security Vulnerability
The CP Plus CP-VNR-3104 is a network video recorder from CP Plus. A security vulnerability exists in CP Plus CP-VNR-3104 version B3223P22C02424. An attacker could exploit the vulnerability to access Diffie-Hellman DH parameters and access sensitive data or perform a man-in-the-middle attack...
PT-2025-3077 · Cp Plus · Cp Plus Cp-Vnr-3104
Name of the Vulnerable Software and Affected Versions: CP Plus CP-VNR-3104 B3223P22C02424 (affected versions not specified). Description: The issue allows attackers to access the Diffie-Hellman DH parameters, potentially leading to access of sensitive data or execution of a man-in-the-middle attack...
BIT-NODE-MIN-2023-30590
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
Brocade Fabric OS (8.2.3x Release) Vulnerability Disclosures
Brocade Security Advisories: Previously disclosed Brocade Security Advisories in 8.2.3x releases. CVEs addressed in FOS v8.2.3e1: CVE-2024-5461 Command or parameter injection via unique embedded switch SNMP commands. PSIRT Risk:...
The vulnerability of the Diffie-Hellman algorithm in microprogrammed logic controllers (PLCs) from Schneider Electric Modicon M340 CPU BMXP34 allows an attacker to execute a “man-in-the-middle” attack.
The vulnerability of the Diffie-Hellman algorithm in microprogrammed logic controllers PLCs from Schneider Electric Modicon M340 CPU BMXP34 lies in the ability to bypass authentication through spoofing. Exploiting this vulnerability allows a malicious actor to carry out a “man-in-the-middle” atta...
CVE-2024-8935
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...
CVE-2024-8935
CVE-2024-8935 affects Schneider Electric Modicon M340, MC80, and Momentum Unity M1E. The issue is an Authentication Bypass by Spoofing enabling a Man-In-The-Middle attack during a controller–engineering workstation session, due to a DH-based vulnerability that does not protect against MITM. Consequ...
PT-2024-9214 · Schneider Electric · Schneider Electric Modicon M340 Cpu Bmxp34
Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34 (affected versions not specified). Description: The issue is related to an authentication bypass vulnerability in the Diffie-Hellman algorithm, which can be exploited to conduct a Man-In-The-Middle atta...
K000148343: Diffie-Hellman key exchange protocol vulnerability CVE-2024-41996
Security Advisory Description Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client...
F5 Networks BIG-IP : Diffie-Hellman key exchange protocol vulnerability (K000148343)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000148343 advisory. Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is...
Medium: openssl
Issue Overview: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause...
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2024-727)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-727 advisory. Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2024:3525-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3525-1 advisory. - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used,...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698 Patch Instructions: To install...
SUSE-SU-2024:3525-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698...