CVE-2018-0131

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.

Published : 2018-08-14 16:29 Updated : 2019-10-09 23:31

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Cisco Ios 15.5%283%29s cpe:/o:cisco:ios:15.5%283%29s
Cisco Ios Xe 15.5%283%29s cpe:/o:cisco:ios_xe:15.5%283%29s
  1. Cisco (2) Search CVE
    1. Ios Xe (1) Search CVE
      1. 15.5%283%29s
    2. Ios (1) Search CVE
      1. 15.5%283%29s

CWE

ID Name Description Links
CWE-326 Inadequate Encryption Strength The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. CVE

History of changes

Date Event
2018-10-22 17:43
2018-08-29 10:29
2018-08-15 10:29
2018-08-14 16:29

New CVE