search menu icon-carat-right cmu-wordmark

CERT Coordination Center

IKEv1 Main Mode vulnerable to brute force attacks

Vulnerability Note VU#857035

Original Release Date: 2018-08-14 | Last Revised: 2018-08-17

Overview

Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks.

Description

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389)

It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode however, only an online attack against PSK authentication was thought to be feasible.

Impact

An attacker may be able to recover a weak Pre-Shared Key.

Solution

Use Secure Passwords
Use cryptographically secure PSK values that resist brute force or dictionary attacks.

Vendor Information

857035
 
Affected   Unknown   Unaffected

Netgear, Inc.

Notified:  July 18, 2018 Updated:  August 17, 2018

Status

  Not Affected

Vendor Statement

NETGEAR is aware of the CERT CC IKE Protocol Vulnerability note and the mention of NETGEAR devices being affected. Currently shipping NETGEAR hardware products are not affected by this vulnerability because they do not implement IPSEC with IKE and Pre-Shared Keys. Older models that are no longer supported have provided IPSEC functionality; if those are still in service, the CERT advisory applies. Best practice when using Pre-Shared Keys is to ensure that Pre-Shared Keys are long and cryptographically strong. None of our currently shipping hardware products are affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

3com Inc

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

ACCESS

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

ADTRAN

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

ARRIS

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

ASP Linux

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

AT&T

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

AVM GmbH

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Actiontec

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

AirWatch

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Alcatel-Lucent Enterprise

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Amazon

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Android Open Source Project

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Appgate Network Security

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Apple

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Arch Linux

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Arista Networks, Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Aruba Networks

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

AsusTek Computer Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Avaya, Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Belkin, Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

BlackBerry

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

BlueCat Networks, Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Broadcom

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Brocade Communication Systems

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Cambium Networks

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Check Point Software Technologies

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Cisco

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Command Software Systems

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

CoreOS

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

D-Link Systems, Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Debian GNU/Linux

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Dell

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Dell EMC

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

DesktopBSD

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Deutsche Telekom

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Devicescape

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Digi International

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

DragonFly BSD Project

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

EfficientIP SAS

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Espressif Systems

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Extreme Networks

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

F-Secure Corporation

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Fedora Project

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Force10 Networks

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

FreeS/Wan

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Fujitsu

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

GNU glibc

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Geexbox

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Gentoo Linux

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Google

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

HP Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

HTC

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

HardenedBSD

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Hitachi

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Honeywell

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Huawei Technologies

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

IBM Corporation (zseries)

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

IBM eServer

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

IBM, INC.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

InfoExpress, Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Infoblox

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Intel

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Internet Systems Consortium

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Internet Systems Consortium - DHCP

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Interniche Technologies, inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Intoto

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Joyent

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Juniper Networks

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

KAME Project

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Lancope

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Lantronix

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Lenovo

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Linksys

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Marvell Semiconductors

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

McAfee

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

MediaTek

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

MetaSwitch

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Micro Focus

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Microchip Technology

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Microsoft

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

MikroTik

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Miredo

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Mitel Networks, Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

NEC Corporation

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

NETSCOUT

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

NetBSD

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Nokia

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Nominum

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Novell, Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

OmniTI

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

OpenBSD

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

OpenBSD IPSec

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

OpenConnect

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

OpenDNS

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Oracle Corporation

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Peplink

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Philips Electronics

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

PowerDNS

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Pulse Secure

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

QLogic

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

QNX Software Systems Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

QUALCOMM Incorporated

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Quagga

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Quantenna Communications

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Red Hat, Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Roku

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Ruckus Wireless

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

SUSE Linux

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Samsung Mobile

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Secure64 Software Corporation

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Sierra Wireless

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Slackware Linux Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Snort

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Sonos

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Sony Corporation

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Sourcefire

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Symantec

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Synology

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

TP-LINK

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Technicolor

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

TippingPoint Technologies Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Toshiba Commerce Solutions

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

TrueOS

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Turbolinux

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Ubiquiti Networks

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Ubuntu

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Unisys

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

VMware

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Watchguard Technologies, Inc.

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Wind River

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Zebra Technologies

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

ZyXEL

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

aep NETWORKS

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

dnsmasq

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

eero

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

m0n0wall

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

netsnmp

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

pfSENSE

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

strongSwan

Notified:  July 18, 2018 Updated:  July 18, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 8.8 AV:N/AC:M/Au:N/C:C/I:C/A:N
Temporal 7.9 E:POC/RL:U/RC:--
Environmental 7.9 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Martin Grothe Joerg Schwenk and Dennis Felsc h for reporting this vulnerability.

This document was written by Trent Novelly.

Other Information

CVE IDs: CVE-2018-5389
Date Public: 2018-08-14
Date First Published: 2018-08-14
Date Last Updated: 2018-08-17 15:13 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.