Overview
Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks.
Description
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389) It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode however, only an online attack against PSK authentication was thought to be feasible. |
Impact
An attacker may be able to recover a weak Pre-Shared Key. |
Solution
Use Secure Passwords |
Vendor Information
Netgear, Inc.
Notified: July 18, 2018 Updated: August 17, 2018
Status
Not Affected
Vendor Statement
NETGEAR is aware of the CERT CC IKE Protocol Vulnerability note and the mention of NETGEAR devices being affected. Currently shipping NETGEAR hardware products are not affected by this vulnerability because they do not implement IPSEC with IKE and Pre-Shared Keys. Older models that are no longer supported have provided IPSEC functionality; if those are still in service, the CERT advisory applies. Best practice when using Pre-Shared Keys is to ensure that Pre-Shared Keys are long and cryptographically strong. None of our currently shipping hardware products are affected.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
3com Inc
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
ACCESS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
ADTRAN
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
ARRIS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
ASP Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
AT&T
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
AVM GmbH
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Actiontec
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
AirWatch
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Alcatel-Lucent Enterprise
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Amazon
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Android Open Source Project
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Appgate Network Security
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Apple
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Arch Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Arista Networks, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Aruba Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
AsusTek Computer Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Avaya, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Belkin, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
BlackBerry
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
BlueCat Networks, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Broadcom
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Brocade Communication Systems
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Cambium Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Check Point Software Technologies
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Cisco
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Command Software Systems
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
CoreOS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
D-Link Systems, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Debian GNU/Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Dell
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Dell EMC
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
DesktopBSD
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Deutsche Telekom
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Devicescape
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Digi International
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
DragonFly BSD Project
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
EfficientIP SAS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Espressif Systems
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Extreme Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
F-Secure Corporation
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Fedora Project
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Force10 Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
FreeS/Wan
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Fujitsu
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
GNU glibc
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Geexbox
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Gentoo Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
HP Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
HTC
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
HardenedBSD
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Hitachi
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Honeywell
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Huawei Technologies
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
IBM Corporation (zseries)
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
IBM eServer
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
IBM, INC.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
InfoExpress, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Infoblox
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Intel
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Internet Systems Consortium
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Internet Systems Consortium - DHCP
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Interniche Technologies, inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Intoto
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Joyent
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Juniper Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
KAME Project
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Lancope
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Lantronix
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Lenovo
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Linksys
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Marvell Semiconductors
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
McAfee
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
MediaTek
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
MetaSwitch
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Micro Focus
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Microchip Technology
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Microsoft
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
MikroTik
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Miredo
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Mitel Networks, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
NEC Corporation
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
NETSCOUT
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
NetBSD
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Nokia
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Nominum
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Novell, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
OmniTI
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
OpenBSD
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
OpenBSD IPSec
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
OpenConnect
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
OpenDNS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Openwall GNU/*/Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Oracle Corporation
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Peplink
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Philips Electronics
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
PowerDNS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Pulse Secure
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
QLogic
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
QNX Software Systems Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
QUALCOMM Incorporated
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Quagga
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Quantenna Communications
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Red Hat, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Roku
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Ruckus Wireless
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
SUSE Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Samsung Mobile
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Secure64 Software Corporation
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Sierra Wireless
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Slackware Linux Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Snort
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Sonos
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Sony Corporation
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Sourcefire
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Symantec
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Synology
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
TP-LINK
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Technicolor
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
TippingPoint Technologies Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Toshiba Commerce Solutions
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
TrueOS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Turbolinux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Ubiquiti Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Ubuntu
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Unisys
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
VMware
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Watchguard Technologies, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Wind River
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
Zebra Technologies
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
ZyXEL
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
aep NETWORKS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
dnsmasq
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
eero
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
m0n0wall
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
netsnmp
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
pfSENSE
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
strongSwan
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor References
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 8.8 | AV:N/AC:M/Au:N/C:C/I:C/A:N |
| Temporal | 7.9 | E:POC/RL:U/RC:-- |
| Environmental | 7.9 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Martin Grothe Joerg Schwenk and Dennis Felsc h for reporting this vulnerability.
This document was written by Trent Novelly.
Other Information
| CVE IDs: | CVE-2018-5389 |
| Date Public: | 2018-08-14 |
| Date First Published: | 2018-08-14 |
| Date Last Updated: | 2018-08-17 15:13 UTC |
| Document Revision: | 14 |