CVE-2018-0131Inadequate Encryption Strength in Systems INC IOS AND IOS XE

CWE-326Inadequate Encryption Strength4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.4%
top 36.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Systems INC IOS AND IOS XECisco IOSCisco IOS XE
Timeline
PublishedAug 14
Latest updateMay 13

Description

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful expl

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

NVDcisco/ios15.5\(3\)s
NVDcisco/ios_xe15.5\(3\)s
CVEListV5cisco_systems_inc/ios_and_ios_xeunspecified

🔴Vulnerability Details

2
GHSA
GHSA-q37w-h76h-2g8q: A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote a2022-05-13
CVEList
CVE-2018-0131: A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote a2018-08-14

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability2018-08-13
CVE-2018-0131 — Inadequate Encryption Strength | cvebase