Overview
Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks.
Description
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389) It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode however, only an online attack against PSK authentication was thought to be feasible. |
Impact
An attacker may be able to recover a weak Pre-Shared Key. |
Solution
Use Secure Passwords |
Vendor Information
Netgear, Inc.
Notified: July 18, 2018 Updated: August 17, 2018
Status
Not Affected
Vendor Statement
NETGEAR is aware of the CERT CC IKE Protocol Vulnerability note and the mention of NETGEAR devices being affected. Currently shipping NETGEAR hardware products are not affected by this vulnerability because they do not implement IPSEC with IKE and Pre-Shared Keys. Older models that are no longer supported have provided IPSEC functionality; if those are still in service, the CERT advisory applies. Best practice when using Pre-Shared Keys is to ensure that Pre-Shared Keys are long and cryptographically strong. None of our currently shipping hardware products are affected.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
3com Inc
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
ACCESS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
ADTRAN
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
ARRIS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
ASP Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
AT&T
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
AVM GmbH
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Actiontec
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
AirWatch
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Alcatel-Lucent Enterprise
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Amazon
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Android Open Source Project
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Appgate Network Security
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Apple
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Arch Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Arista Networks, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Aruba Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
AsusTek Computer Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Avaya, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Belkin, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
BlackBerry
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
BlueCat Networks, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Broadcom
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Brocade Communication Systems
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Cambium Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Check Point Software Technologies
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Cisco
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Command Software Systems
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
CoreOS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
D-Link Systems, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Debian GNU/Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Dell
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Dell EMC
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
DesktopBSD
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Deutsche Telekom
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Devicescape
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Digi International
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
DragonFly BSD Project
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
EfficientIP SAS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Espressif Systems
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Extreme Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
F-Secure Corporation
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Fedora Project
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Force10 Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
FreeS/Wan
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Fujitsu
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
GNU glibc
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Geexbox
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Gentoo Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
HP Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
HTC
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
HardenedBSD
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Hitachi
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Honeywell
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Huawei Technologies
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
IBM Corporation (zseries)
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
IBM eServer
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
IBM, INC.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
InfoExpress, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Infoblox
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Intel
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Internet Systems Consortium
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Internet Systems Consortium - DHCP
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Interniche Technologies, inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Intoto
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Joyent
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Juniper Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
KAME Project
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Lancope
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Lantronix
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Lenovo
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Linksys
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Marvell Semiconductors
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
McAfee
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
MediaTek
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
MetaSwitch
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Micro Focus
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Microchip Technology
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Microsoft
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
MikroTik
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Miredo
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Mitel Networks, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
NEC Corporation
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
NETSCOUT
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
NetBSD
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Nokia
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Nominum
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Novell, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
OmniTI
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
OpenBSD
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
OpenBSD IPSec
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
OpenConnect
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
OpenDNS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Openwall GNU/*/Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Oracle Corporation
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Peplink
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Philips Electronics
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
PowerDNS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Pulse Secure
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
QLogic
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
QNX Software Systems Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
QUALCOMM Incorporated
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Quagga
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Quantenna Communications
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Red Hat, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Roku
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Ruckus Wireless
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
SUSE Linux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Samsung Mobile
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Secure64 Software Corporation
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Sierra Wireless
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Slackware Linux Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Snort
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Sonos
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Sony Corporation
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Sourcefire
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Symantec
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Synology
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
TP-LINK
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Technicolor
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
TippingPoint Technologies Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Toshiba Commerce Solutions
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
TrueOS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Turbolinux
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Ubiquiti Networks
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Ubuntu
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Unisys
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
VMware
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Watchguard Technologies, Inc.
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Wind River
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Zebra Technologies
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
ZyXEL
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
aep NETWORKS
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
dnsmasq
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
eero
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
m0n0wall
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
netsnmp
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
pfSENSE
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
strongSwan
Notified: July 18, 2018 Updated: July 18, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 8.8 | AV:N/AC:M/Au:N/C:C/I:C/A:N |
| Temporal | 7.9 | E:POC/RL:U/RC:-- |
| Environmental | 7.9 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Credit
Thanks to Martin Grothe Joerg Schwenk and Dennis Felsc h for reporting this vulnerability.
This document was written by Trent Novelly.
Other Information
| CVE IDs: | CVE-2018-5389 |
| Date Public: | 2018-08-14 |
| Date First Published: | 2018-08-14 |
| Date Last Updated: | 2018-08-17 15:13 UTC |
| Document Revision: | 14 |