cbcvebase.
CVE-2002-20001
published 2021-11-11

High 7.5 (CVSS 3.1)
AV:N AC:L PR:N UI:N S:U C:N I:N A:H
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

Affected

64 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | >= 13.1.0 < 16.1.4 | 16.1.4 |
| f5 | big-ip_access_policy_manager | >= 17.0.0 < 17.1.0 | 17.1.0 |
| f5 | big-ip_advanced_firewall_manager | | |
| f5 | big-ip_advanced_firewall_manager | 13.1.0 – 17.1.2 | |
| f5 | big-ip_advanced_web_application_firewall | | |
| f5 | big-ip_advanced_web_application_firewall | 13.1.0 – 17.1.2 | |
| f5 | big-ip_analytics | | |
| f5 | big-ip_analytics | 13.1.0 – 17.1.2 | |
| f5 | big-ip_application_acceleration_manager | | |
| f5 | big-ip_application_acceleration_manager | 13.1.0 – 17.1.2 | |
| f5 | big-ip_application_security_manager | | |
| f5 | big-ip_application_security_manager | 13.1.0 – 17.1.2 | |
| f5 | big-ip_application_visibility_and_reporting | | |
| f5 | big-ip_application_visibility_and_reporting | 13.1.0 – 17.1.2 | |
| f5 | big-ip_carrier-grade_nat | | |
| f5 | big-ip_carrier-grade_nat | 13.1.0 – 17.1.2 | |
| f5 | big-ip_ddos_hybrid_defender | | |
| f5 | big-ip_ddos_hybrid_defender | 13.1.0 – 17.1.2 | |
| f5 | big-ip_domain_name_system | | |
| f5 | big-ip_domain_name_system | 13.1.0 – 17.1.2 | |
| f5 | big-ip_edge_gateway | | |
| f5 | big-ip_edge_gateway | 13.1.0 – 17.1.2 | |
| f5 | big-ip_fraud_protection_service | | |
| f5 | big-ip_fraud_protection_service | 13.1.0 – 17.1.2 | |
| f5 | big-ip_global_traffic_manager | | |

CVSS provenance

nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv 7.5 HIGH