search menu icon-carat-right cmu-wordmark

CERT Coordination Center

IKEv1 Main Mode vulnerable to brute force attacks

Vulnerability Note VU#857035

Original Release Date: 2018-08-14 | Last Revised: 2018-08-17

Overview

Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks.

Description

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389)

It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode however, only an online attack against PSK authentication was thought to be feasible.

Impact

An attacker may be able to recover a weak Pre-Shared Key.

Solution

Use Secure Passwords
Use cryptographically secure PSK values that resist brute force or dictionary attacks.

Vendor Information

857035
 
Affected   Unknown   Unaffected

Netgear, Inc.

Notified:  July 18, 2018 Updated:  August 17, 2018

Status

  Not Affected

Vendor Statement

NETGEAR is aware of the CERT CC IKE Protocol Vulnerability note and the mention of NETGEAR devices being affected. Currently shipping NETGEAR hardware products are not affected by this vulnerability because they do not implement IPSEC with IKE and Pre-Shared Keys. Older models that are no longer supported have provided IPSEC functionality; if those are still in service, the CERT advisory applies. Best practice when using Pre-Shared Keys is to ensure that Pre-Shared Keys are long and cryptographically strong. None of our currently shipping hardware products are affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

3com Inc

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    ACCESS

    Notified:  July 18, 2018 Updated:  July 18, 2018

    Status

      Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      ADTRAN

      Notified:  July 18, 2018 Updated:  July 18, 2018

      Status

        Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        ARRIS

        Notified:  July 18, 2018 Updated:  July 18, 2018

        Status

          Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor References

          ASP Linux

          Notified:  July 18, 2018 Updated:  July 18, 2018

          Status

            Unknown

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor References

            AT&T

            Notified:  July 18, 2018 Updated:  July 18, 2018

            Status

              Unknown

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor References

              AVM GmbH

              Notified:  July 18, 2018 Updated:  July 18, 2018

              Status

                Unknown

              Vendor Statement

              No statement is currently available from the vendor regarding this vulnerability.

              Vendor References

                Actiontec

                Notified:  July 18, 2018 Updated:  July 18, 2018

                Status

                  Unknown

                Vendor Statement

                No statement is currently available from the vendor regarding this vulnerability.

                Vendor References

                  AirWatch

                  Notified:  July 18, 2018 Updated:  July 18, 2018

                  Status

                    Unknown

                  Vendor Statement

                  No statement is currently available from the vendor regarding this vulnerability.

                  Vendor References

                    Alcatel-Lucent Enterprise

                    Notified:  July 18, 2018 Updated:  July 18, 2018

                    Status

                      Unknown

                    Vendor Statement

                    No statement is currently available from the vendor regarding this vulnerability.

                    Vendor References

                      Amazon

                      Notified:  July 18, 2018 Updated:  July 18, 2018

                      Status

                        Unknown

                      Vendor Statement

                      No statement is currently available from the vendor regarding this vulnerability.

                      Vendor References

                        Android Open Source Project

                        Notified:  July 18, 2018 Updated:  July 18, 2018

                        Status

                          Unknown

                        Vendor Statement

                        No statement is currently available from the vendor regarding this vulnerability.

                        Vendor References

                          Appgate Network Security

                          Notified:  July 18, 2018 Updated:  July 18, 2018

                          Status

                            Unknown

                          Vendor Statement

                          No statement is currently available from the vendor regarding this vulnerability.

                          Vendor References

                            Apple

                            Notified:  July 18, 2018 Updated:  July 18, 2018

                            Status

                              Unknown

                            Vendor Statement

                            No statement is currently available from the vendor regarding this vulnerability.

                            Vendor References

                              Arch Linux

                              Notified:  July 18, 2018 Updated:  July 18, 2018

                              Status

                                Unknown

                              Vendor Statement

                              No statement is currently available from the vendor regarding this vulnerability.

                              Vendor References

                                Arista Networks, Inc.

                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                Status

                                  Unknown

                                Vendor Statement

                                No statement is currently available from the vendor regarding this vulnerability.

                                Vendor References

                                  Aruba Networks

                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                  Status

                                    Unknown

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor References

                                    AsusTek Computer Inc.

                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                    Status

                                      Unknown

                                    Vendor Statement

                                    No statement is currently available from the vendor regarding this vulnerability.

                                    Vendor References

                                      Avaya, Inc.

                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                      Status

                                        Unknown

                                      Vendor Statement

                                      No statement is currently available from the vendor regarding this vulnerability.

                                      Vendor References

                                        Belkin, Inc.

                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                        Status

                                          Unknown

                                        Vendor Statement

                                        No statement is currently available from the vendor regarding this vulnerability.

                                        Vendor References

                                          BlackBerry

                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                          Status

                                            Unknown

                                          Vendor Statement

                                          No statement is currently available from the vendor regarding this vulnerability.

                                          Vendor References

                                            BlueCat Networks, Inc.

                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                            Status

                                              Unknown

                                            Vendor Statement

                                            No statement is currently available from the vendor regarding this vulnerability.

                                            Vendor References

                                              Broadcom

                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                              Status

                                                Unknown

                                              Vendor Statement

                                              No statement is currently available from the vendor regarding this vulnerability.

                                              Vendor References

                                                Brocade Communication Systems

                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                Status

                                                  Unknown

                                                Vendor Statement

                                                No statement is currently available from the vendor regarding this vulnerability.

                                                Vendor References

                                                  Cambium Networks

                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                  Status

                                                    Unknown

                                                  Vendor Statement

                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                  Vendor References

                                                    Check Point Software Technologies

                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                    Status

                                                      Unknown

                                                    Vendor Statement

                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                    Vendor References

                                                      Cisco

                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                      Status

                                                        Unknown

                                                      Vendor Statement

                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                      Vendor References

                                                        Command Software Systems

                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                        Status

                                                          Unknown

                                                        Vendor Statement

                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                        Vendor References

                                                          CoreOS

                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                          Status

                                                            Unknown

                                                          Vendor Statement

                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                          Vendor References

                                                            D-Link Systems, Inc.

                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                            Status

                                                              Unknown

                                                            Vendor Statement

                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                            Vendor References

                                                              Debian GNU/Linux

                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                              Status

                                                                Unknown

                                                              Vendor Statement

                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                              Vendor References

                                                                Dell

                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                Status

                                                                  Unknown

                                                                Vendor Statement

                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                Vendor References

                                                                  Dell EMC

                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                  Status

                                                                    Unknown

                                                                  Vendor Statement

                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                  Vendor References

                                                                    DesktopBSD

                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                    Status

                                                                      Unknown

                                                                    Vendor Statement

                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                    Vendor References

                                                                      Deutsche Telekom

                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                      Status

                                                                        Unknown

                                                                      Vendor Statement

                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                      Vendor References

                                                                        Devicescape

                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                        Status

                                                                          Unknown

                                                                        Vendor Statement

                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                        Vendor References

                                                                          Digi International

                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                          Status

                                                                            Unknown

                                                                          Vendor Statement

                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                          Vendor References

                                                                            DragonFly BSD Project

                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                            Status

                                                                              Unknown

                                                                            Vendor Statement

                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                            Vendor References

                                                                              EfficientIP SAS

                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                              Status

                                                                                Unknown

                                                                              Vendor Statement

                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                              Vendor References

                                                                                Espressif Systems

                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                Status

                                                                                  Unknown

                                                                                Vendor Statement

                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                Vendor References

                                                                                  Extreme Networks

                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                  Status

                                                                                    Unknown

                                                                                  Vendor Statement

                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                  Vendor References

                                                                                    F-Secure Corporation

                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                    Status

                                                                                      Unknown

                                                                                    Vendor Statement

                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                    Vendor References

                                                                                      Fedora Project

                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                      Status

                                                                                        Unknown

                                                                                      Vendor Statement

                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                      Vendor References

                                                                                        Force10 Networks

                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                        Status

                                                                                          Unknown

                                                                                        Vendor Statement

                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                        Vendor References

                                                                                          FreeS/Wan

                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                          Status

                                                                                            Unknown

                                                                                          Vendor Statement

                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                          Vendor References

                                                                                            Fujitsu

                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                            Status

                                                                                              Unknown

                                                                                            Vendor Statement

                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                            Vendor References

                                                                                              GNU glibc

                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                              Status

                                                                                                Unknown

                                                                                              Vendor Statement

                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                              Vendor References

                                                                                                Geexbox

                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                Status

                                                                                                  Unknown

                                                                                                Vendor Statement

                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                Vendor References

                                                                                                  Gentoo Linux

                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                  Status

                                                                                                    Unknown

                                                                                                  Vendor Statement

                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                  Vendor References

                                                                                                    Google

                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                    Status

                                                                                                      Unknown

                                                                                                    Vendor Statement

                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                    Vendor References

                                                                                                      HP Inc.

                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                      Status

                                                                                                        Unknown

                                                                                                      Vendor Statement

                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                      Vendor References

                                                                                                        HTC

                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                        Status

                                                                                                          Unknown

                                                                                                        Vendor Statement

                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                        Vendor References

                                                                                                          HardenedBSD

                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                          Status

                                                                                                            Unknown

                                                                                                          Vendor Statement

                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                          Vendor References

                                                                                                            Hitachi

                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                            Status

                                                                                                              Unknown

                                                                                                            Vendor Statement

                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                            Vendor References

                                                                                                              Honeywell

                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                              Status

                                                                                                                Unknown

                                                                                                              Vendor Statement

                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                              Vendor References

                                                                                                                Huawei Technologies

                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                Status

                                                                                                                  Unknown

                                                                                                                Vendor Statement

                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                Vendor References

                                                                                                                  IBM Corporation (zseries)

                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                  Status

                                                                                                                    Unknown

                                                                                                                  Vendor Statement

                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                  Vendor References

                                                                                                                    IBM eServer

                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                    Status

                                                                                                                      Unknown

                                                                                                                    Vendor Statement

                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                    Vendor References

                                                                                                                      IBM, INC.

                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                      Status

                                                                                                                        Unknown

                                                                                                                      Vendor Statement

                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                      Vendor References

                                                                                                                        InfoExpress, Inc.

                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                        Status

                                                                                                                          Unknown

                                                                                                                        Vendor Statement

                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                        Vendor References

                                                                                                                          Infoblox

                                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                          Status

                                                                                                                            Unknown

                                                                                                                          Vendor Statement

                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                          Vendor References

                                                                                                                            Intel

                                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                            Status

                                                                                                                              Unknown

                                                                                                                            Vendor Statement

                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                            Vendor References

                                                                                                                              Internet Systems Consortium

                                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                              Status

                                                                                                                                Unknown

                                                                                                                              Vendor Statement

                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                              Vendor References

                                                                                                                                Internet Systems Consortium - DHCP

                                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                Status

                                                                                                                                  Unknown

                                                                                                                                Vendor Statement

                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                Vendor References

                                                                                                                                  Interniche Technologies, inc.

                                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                  Status

                                                                                                                                    Unknown

                                                                                                                                  Vendor Statement

                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                  Vendor References

                                                                                                                                    Intoto

                                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                    Status

                                                                                                                                      Unknown

                                                                                                                                    Vendor Statement

                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                    Vendor References

                                                                                                                                      Joyent

                                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                      Status

                                                                                                                                        Unknown

                                                                                                                                      Vendor Statement

                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                      Vendor References

                                                                                                                                        Juniper Networks

                                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                        Status

                                                                                                                                          Unknown

                                                                                                                                        Vendor Statement

                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                        Vendor References

                                                                                                                                          KAME Project

                                                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                          Status

                                                                                                                                            Unknown

                                                                                                                                          Vendor Statement

                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                          Vendor References

                                                                                                                                            Lancope

                                                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                            Status

                                                                                                                                              Unknown

                                                                                                                                            Vendor Statement

                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                            Vendor References

                                                                                                                                              Lantronix

                                                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                              Status

                                                                                                                                                Unknown

                                                                                                                                              Vendor Statement

                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                              Vendor References

                                                                                                                                                Lenovo

                                                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                Status

                                                                                                                                                  Unknown

                                                                                                                                                Vendor Statement

                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                Vendor References

                                                                                                                                                  Linksys

                                                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                  Status

                                                                                                                                                    Unknown

                                                                                                                                                  Vendor Statement

                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                  Vendor References

                                                                                                                                                    Marvell Semiconductors

                                                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                    Status

                                                                                                                                                      Unknown

                                                                                                                                                    Vendor Statement

                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                    Vendor References

                                                                                                                                                      McAfee

                                                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                      Status

                                                                                                                                                        Unknown

                                                                                                                                                      Vendor Statement

                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                      Vendor References

                                                                                                                                                        MediaTek

                                                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                        Status

                                                                                                                                                          Unknown

                                                                                                                                                        Vendor Statement

                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                        Vendor References

                                                                                                                                                          MetaSwitch

                                                                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                          Status

                                                                                                                                                            Unknown

                                                                                                                                                          Vendor Statement

                                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                          Vendor References

                                                                                                                                                            Micro Focus

                                                                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                            Status

                                                                                                                                                              Unknown

                                                                                                                                                            Vendor Statement

                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                            Vendor References

                                                                                                                                                              Microchip Technology

                                                                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                              Status

                                                                                                                                                                Unknown

                                                                                                                                                              Vendor Statement

                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                              Vendor References

                                                                                                                                                                Microsoft

                                                                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                Status

                                                                                                                                                                  Unknown

                                                                                                                                                                Vendor Statement

                                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                Vendor References

                                                                                                                                                                  MikroTik

                                                                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                  Status

                                                                                                                                                                    Unknown

                                                                                                                                                                  Vendor Statement

                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                  Vendor References

                                                                                                                                                                    Miredo

                                                                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                    Status

                                                                                                                                                                      Unknown

                                                                                                                                                                    Vendor Statement

                                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                    Vendor References

                                                                                                                                                                      Mitel Networks, Inc.

                                                                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                      Status

                                                                                                                                                                        Unknown

                                                                                                                                                                      Vendor Statement

                                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                      Vendor References

                                                                                                                                                                        NEC Corporation

                                                                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                        Status

                                                                                                                                                                          Unknown

                                                                                                                                                                        Vendor Statement

                                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                        Vendor References

                                                                                                                                                                          NETSCOUT

                                                                                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                          Status

                                                                                                                                                                            Unknown

                                                                                                                                                                          Vendor Statement

                                                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                          Vendor References

                                                                                                                                                                            NetBSD

                                                                                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                            Status

                                                                                                                                                                              Unknown

                                                                                                                                                                            Vendor Statement

                                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                            Vendor References

                                                                                                                                                                              Nokia

                                                                                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                              Status

                                                                                                                                                                                Unknown

                                                                                                                                                                              Vendor Statement

                                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                              Vendor References

                                                                                                                                                                                Nominum

                                                                                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                Status

                                                                                                                                                                                  Unknown

                                                                                                                                                                                Vendor Statement

                                                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                Vendor References

                                                                                                                                                                                  Novell, Inc.

                                                                                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                  Status

                                                                                                                                                                                    Unknown

                                                                                                                                                                                  Vendor Statement

                                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                  Vendor References

                                                                                                                                                                                    OmniTI

                                                                                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                    Status

                                                                                                                                                                                      Unknown

                                                                                                                                                                                    Vendor Statement

                                                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                    Vendor References

                                                                                                                                                                                      OpenBSD

                                                                                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                      Status

                                                                                                                                                                                        Unknown

                                                                                                                                                                                      Vendor Statement

                                                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                      Vendor References

                                                                                                                                                                                        OpenBSD IPSec

                                                                                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                        Status

                                                                                                                                                                                          Unknown

                                                                                                                                                                                        Vendor Statement

                                                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                        Vendor References

                                                                                                                                                                                          OpenConnect

                                                                                                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                          Status

                                                                                                                                                                                            Unknown

                                                                                                                                                                                          Vendor Statement

                                                                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                          Vendor References

                                                                                                                                                                                            OpenDNS

                                                                                                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                            Status

                                                                                                                                                                                              Unknown

                                                                                                                                                                                            Vendor Statement

                                                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                            Vendor References

                                                                                                                                                                                              Openwall GNU/*/Linux

                                                                                                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                              Status

                                                                                                                                                                                                Unknown

                                                                                                                                                                                              Vendor Statement

                                                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                              Vendor References

                                                                                                                                                                                                Oracle Corporation

                                                                                                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                Status

                                                                                                                                                                                                  Unknown

                                                                                                                                                                                                Vendor Statement

                                                                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                Vendor References

                                                                                                                                                                                                  Peplink

                                                                                                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                  Status

                                                                                                                                                                                                    Unknown

                                                                                                                                                                                                  Vendor Statement

                                                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                  Vendor References

                                                                                                                                                                                                    Philips Electronics

                                                                                                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                    Status

                                                                                                                                                                                                      Unknown

                                                                                                                                                                                                    Vendor Statement

                                                                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                    Vendor References

                                                                                                                                                                                                      PowerDNS

                                                                                                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                      Status

                                                                                                                                                                                                        Unknown

                                                                                                                                                                                                      Vendor Statement

                                                                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                      Vendor References

                                                                                                                                                                                                        Pulse Secure

                                                                                                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                        Status

                                                                                                                                                                                                          Unknown

                                                                                                                                                                                                        Vendor Statement

                                                                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                        Vendor References

                                                                                                                                                                                                          QLogic

                                                                                                                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                          Status

                                                                                                                                                                                                            Unknown

                                                                                                                                                                                                          Vendor Statement

                                                                                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                          Vendor References

                                                                                                                                                                                                            QNX Software Systems Inc.

                                                                                                                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                            Status

                                                                                                                                                                                                              Unknown

                                                                                                                                                                                                            Vendor Statement

                                                                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                            Vendor References

                                                                                                                                                                                                              QUALCOMM Incorporated

                                                                                                                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                              Status

                                                                                                                                                                                                                Unknown

                                                                                                                                                                                                              Vendor Statement

                                                                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                              Vendor References

                                                                                                                                                                                                                Quagga

                                                                                                                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                Status

                                                                                                                                                                                                                  Unknown

                                                                                                                                                                                                                Vendor Statement

                                                                                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                Vendor References

                                                                                                                                                                                                                  Quantenna Communications

                                                                                                                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                  Status

                                                                                                                                                                                                                    Unknown

                                                                                                                                                                                                                  Vendor Statement

                                                                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                  Vendor References

                                                                                                                                                                                                                    Red Hat, Inc.

                                                                                                                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                    Status

                                                                                                                                                                                                                      Unknown

                                                                                                                                                                                                                    Vendor Statement

                                                                                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                    Vendor References

                                                                                                                                                                                                                      Roku

                                                                                                                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                      Status

                                                                                                                                                                                                                        Unknown

                                                                                                                                                                                                                      Vendor Statement

                                                                                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                      Vendor References

                                                                                                                                                                                                                        Ruckus Wireless

                                                                                                                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                        Status

                                                                                                                                                                                                                          Unknown

                                                                                                                                                                                                                        Vendor Statement

                                                                                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                        Vendor References

                                                                                                                                                                                                                          SUSE Linux

                                                                                                                                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                          Status

                                                                                                                                                                                                                            Unknown

                                                                                                                                                                                                                          Vendor Statement

                                                                                                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                          Vendor References

                                                                                                                                                                                                                            Samsung Mobile

                                                                                                                                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                            Status

                                                                                                                                                                                                                              Unknown

                                                                                                                                                                                                                            Vendor Statement

                                                                                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                            Vendor References

                                                                                                                                                                                                                              Secure64 Software Corporation

                                                                                                                                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                              Status

                                                                                                                                                                                                                                Unknown

                                                                                                                                                                                                                              Vendor Statement

                                                                                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                              Vendor References

                                                                                                                                                                                                                                Sierra Wireless

                                                                                                                                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                Status

                                                                                                                                                                                                                                  Unknown

                                                                                                                                                                                                                                Vendor Statement

                                                                                                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                Vendor References

                                                                                                                                                                                                                                  Slackware Linux Inc.

                                                                                                                                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                  Status

                                                                                                                                                                                                                                    Unknown

                                                                                                                                                                                                                                  Vendor Statement

                                                                                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                  Vendor References

                                                                                                                                                                                                                                    Snort

                                                                                                                                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                    Status

                                                                                                                                                                                                                                      Unknown

                                                                                                                                                                                                                                    Vendor Statement

                                                                                                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                    Vendor References

                                                                                                                                                                                                                                      Sonos

                                                                                                                                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                      Status

                                                                                                                                                                                                                                        Unknown

                                                                                                                                                                                                                                      Vendor Statement

                                                                                                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                      Vendor References

                                                                                                                                                                                                                                        Sony Corporation

                                                                                                                                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                        Status

                                                                                                                                                                                                                                          Unknown

                                                                                                                                                                                                                                        Vendor Statement

                                                                                                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                        Vendor References

                                                                                                                                                                                                                                          Sourcefire

                                                                                                                                                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                          Status

                                                                                                                                                                                                                                            Unknown

                                                                                                                                                                                                                                          Vendor Statement

                                                                                                                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                          Vendor References

                                                                                                                                                                                                                                            Symantec

                                                                                                                                                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                            Status

                                                                                                                                                                                                                                              Unknown

                                                                                                                                                                                                                                            Vendor Statement

                                                                                                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                            Vendor References

                                                                                                                                                                                                                                              Synology

                                                                                                                                                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                              Status

                                                                                                                                                                                                                                                Unknown

                                                                                                                                                                                                                                              Vendor Statement

                                                                                                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                              Vendor References

                                                                                                                                                                                                                                                TP-LINK

                                                                                                                                                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                Status

                                                                                                                                                                                                                                                  Unknown

                                                                                                                                                                                                                                                Vendor Statement

                                                                                                                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                Vendor References

                                                                                                                                                                                                                                                  Technicolor

                                                                                                                                                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                  Status

                                                                                                                                                                                                                                                    Unknown

                                                                                                                                                                                                                                                  Vendor Statement

                                                                                                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                  Vendor References

                                                                                                                                                                                                                                                    TippingPoint Technologies Inc.

                                                                                                                                                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                    Status

                                                                                                                                                                                                                                                      Unknown

                                                                                                                                                                                                                                                    Vendor Statement

                                                                                                                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                    Vendor References

                                                                                                                                                                                                                                                      Toshiba Commerce Solutions

                                                                                                                                                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                      Status

                                                                                                                                                                                                                                                        Unknown

                                                                                                                                                                                                                                                      Vendor Statement

                                                                                                                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                      Vendor References

                                                                                                                                                                                                                                                        TrueOS

                                                                                                                                                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                        Status

                                                                                                                                                                                                                                                          Unknown

                                                                                                                                                                                                                                                        Vendor Statement

                                                                                                                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                        Vendor References

                                                                                                                                                                                                                                                          Turbolinux

                                                                                                                                                                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                          Status

                                                                                                                                                                                                                                                            Unknown

                                                                                                                                                                                                                                                          Vendor Statement

                                                                                                                                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                          Vendor References

                                                                                                                                                                                                                                                            Ubiquiti Networks

                                                                                                                                                                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                            Status

                                                                                                                                                                                                                                                              Unknown

                                                                                                                                                                                                                                                            Vendor Statement

                                                                                                                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                            Vendor References

                                                                                                                                                                                                                                                              Ubuntu

                                                                                                                                                                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                              Status

                                                                                                                                                                                                                                                                Unknown

                                                                                                                                                                                                                                                              Vendor Statement

                                                                                                                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                              Vendor References

                                                                                                                                                                                                                                                                Unisys

                                                                                                                                                                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                Status

                                                                                                                                                                                                                                                                  Unknown

                                                                                                                                                                                                                                                                Vendor Statement

                                                                                                                                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                Vendor References

                                                                                                                                                                                                                                                                  VMware

                                                                                                                                                                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                  Status

                                                                                                                                                                                                                                                                    Unknown

                                                                                                                                                                                                                                                                  Vendor Statement

                                                                                                                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                  Vendor References

                                                                                                                                                                                                                                                                    Watchguard Technologies, Inc.

                                                                                                                                                                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                    Status

                                                                                                                                                                                                                                                                      Unknown

                                                                                                                                                                                                                                                                    Vendor Statement

                                                                                                                                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                    Vendor References

                                                                                                                                                                                                                                                                      Wind River

                                                                                                                                                                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                      Status

                                                                                                                                                                                                                                                                        Unknown

                                                                                                                                                                                                                                                                      Vendor Statement

                                                                                                                                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                      Vendor References

                                                                                                                                                                                                                                                                        Zebra Technologies

                                                                                                                                                                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                        Status

                                                                                                                                                                                                                                                                          Unknown

                                                                                                                                                                                                                                                                        Vendor Statement

                                                                                                                                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                        Vendor References

                                                                                                                                                                                                                                                                          ZyXEL

                                                                                                                                                                                                                                                                          Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                          Status

                                                                                                                                                                                                                                                                            Unknown

                                                                                                                                                                                                                                                                          Vendor Statement

                                                                                                                                                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                          Vendor References

                                                                                                                                                                                                                                                                            aep NETWORKS

                                                                                                                                                                                                                                                                            Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                            Status

                                                                                                                                                                                                                                                                              Unknown

                                                                                                                                                                                                                                                                            Vendor Statement

                                                                                                                                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                            Vendor References

                                                                                                                                                                                                                                                                              dnsmasq

                                                                                                                                                                                                                                                                              Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                              Status

                                                                                                                                                                                                                                                                                Unknown

                                                                                                                                                                                                                                                                              Vendor Statement

                                                                                                                                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                              Vendor References

                                                                                                                                                                                                                                                                                eero

                                                                                                                                                                                                                                                                                Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                                Status

                                                                                                                                                                                                                                                                                  Unknown

                                                                                                                                                                                                                                                                                Vendor Statement

                                                                                                                                                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                                Vendor References

                                                                                                                                                                                                                                                                                  m0n0wall

                                                                                                                                                                                                                                                                                  Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                                  Status

                                                                                                                                                                                                                                                                                    Unknown

                                                                                                                                                                                                                                                                                  Vendor Statement

                                                                                                                                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                                  Vendor References

                                                                                                                                                                                                                                                                                    netsnmp

                                                                                                                                                                                                                                                                                    Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                                    Status

                                                                                                                                                                                                                                                                                      Unknown

                                                                                                                                                                                                                                                                                    Vendor Statement

                                                                                                                                                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                                    Vendor References

                                                                                                                                                                                                                                                                                      pfSENSE

                                                                                                                                                                                                                                                                                      Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                                      Status

                                                                                                                                                                                                                                                                                        Unknown

                                                                                                                                                                                                                                                                                      Vendor Statement

                                                                                                                                                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                                      Vendor References

                                                                                                                                                                                                                                                                                        strongSwan

                                                                                                                                                                                                                                                                                        Notified:  July 18, 2018 Updated:  July 18, 2018

                                                                                                                                                                                                                                                                                        Status

                                                                                                                                                                                                                                                                                          Unknown

                                                                                                                                                                                                                                                                                        Vendor Statement

                                                                                                                                                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                                                                                                                                        Vendor References

                                                                                                                                                                                                                                                                                          View all 141 vendors View less vendors


                                                                                                                                                                                                                                                                                          CVSS Metrics

                                                                                                                                                                                                                                                                                          Group Score Vector
                                                                                                                                                                                                                                                                                          Base 8.8 AV:N/AC:M/Au:N/C:C/I:C/A:N
                                                                                                                                                                                                                                                                                          Temporal 7.9 E:POC/RL:U/RC:--
                                                                                                                                                                                                                                                                                          Environmental 7.9 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

                                                                                                                                                                                                                                                                                          References

                                                                                                                                                                                                                                                                                          Acknowledgements

                                                                                                                                                                                                                                                                                          Thanks to Martin Grothe Joerg Schwenk and Dennis Felsc h for reporting this vulnerability.

                                                                                                                                                                                                                                                                                          This document was written by Trent Novelly.

                                                                                                                                                                                                                                                                                          Other Information

                                                                                                                                                                                                                                                                                          CVE IDs: CVE-2018-5389
                                                                                                                                                                                                                                                                                          Date Public: 2018-08-14
                                                                                                                                                                                                                                                                                          Date First Published: 2018-08-14
                                                                                                                                                                                                                                                                                          Date Last Updated: 2018-08-17 15:13 UTC
                                                                                                                                                                                                                                                                                          Document Revision: 14

                                                                                                                                                                                                                                                                                          Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.