CVE-2018-0131

14.08.2018, 16:29

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
cisco	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Vendor	Product	Version
cisco	ios	15.5\(3\)s
cisco	ios_xe	15.5\(3\)s

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-326 - Inadequate Encryption Strength
The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References

http://www.securityfocus.com/bid/105074

http://www.securitytracker.com/id/1041539

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180813-rsa-nonce

http://www.securityfocus.com/bid/105074

http://www.securitytracker.com/id/1041539

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180813-rsa-nonce