Vulnerability Description
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
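The cost asymmetry described above can be measured on your own hardware when sizing rate limits or deciding which DHE group sizes to leave enabled. The following is an added example, not code from any referenced project. It assumes a generic DHE server that performs two modular exponentiations per handshake (its own ephemeral public value and the shared secret), uses constructed odd moduli rather than real DH primes, and compares a full-size private exponent with an assumed 256-bit short exponent.

```python
import random
import time

def constructed_modulus(bits, seed=1):
    """Odd number with the top bit set: a timing stand-in, not a real DH prime."""
    return random.Random(seed).getrandbits(bits) | (1 << (bits - 1)) | 1

def server_cost_seconds(modulus_bits, exponent_bits, rounds=5):
    """Best-of-N time for the modular exponentiations of one modelled DHE handshake."""
    rng = random.Random(modulus_bits * 100003 + exponent_bits)
    p = constructed_modulus(modulus_bits)
    x = rng.getrandbits(exponent_bits) | (1 << (exponent_bits - 1))  # server secret
    peer_value = rng.randrange(2, p - 1)  # arbitrary number; costs the sender nothing
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        pow(2, x, p)           # server's ephemeral public value
        pow(peer_value, x, p)  # shared secret derived from the peer's value
        best = min(best, time.perf_counter() - start)
    return best

def handshake_budget(group_sizes=(2048, 3072, 4096), short_exponent_bits=256):
    """Map (modulus_bits, exponent_policy) -> modelled handshakes per core-second."""
    budget = {}
    for bits in group_sizes:
        budget[(bits, "full")] = 1.0 / server_cost_seconds(bits, bits)
        budget[(bits, "short")] = 1.0 / server_cost_seconds(bits, short_exponent_bits)
    return budget

if __name__ == "__main__":
    for (bits, policy), rate in sorted(handshake_budget().items()):
        print(f"{bits}-bit group, {policy} exponent: ~{rate:,.0f} handshakes/core-second")
```

The per-core budget drops sharply as the group size grows, which is why a client that can force the largest supported key size is the worst case for the server.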
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Balasys | Dheater | - |
| Siemens | Scalance W1750D Firmware | All versions |
| Siemens | Scalance W1750D | - |
| Suse | Linux Enterprise Server | 11 |
| F5 | Big-Ip Access Policy Manager | >= 13.1.0, < 16.1.4 |
| F5 | Big-Ip Advanced Firewall Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Advanced Web Application Firewall | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Analytics | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Application Acceleration Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Application Security Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Application Visibility And Reporting | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Carrier-Grade Nat | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Ddos Hybrid Defender | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Domain Name System | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Edge Gateway | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Fraud Protection Service | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Global Traffic Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Link Controller | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Local Traffic Manager | >= 13.1.0, <= 17.1.2 |
| F5 | Big-Ip Policy Enforcement Manager | >= 13.1.0, <= 17.1.2 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf (Third Party Advisory)
- https://dheatattack.com (Third Party Advisory)
- https://dheatattack.gitlab.io/ (Third Party Advisory)
- https://github.com/Balasys/dheater (Product, Third Party Advisory)
- https://github.com/mozilla/ssl-config-generator/issues/162 (Issue Tracking)
- https://gitlab.com/dheatattack/dheater (Third Party Advisory)
- https://ieeexplore.ieee.org/document/10374117 (Technical Description, Third Party Advisory)
- https://support.f5.com/csp/article/K83120834 (Third Party Advisory)
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt (Technical Description, Third Party Advisory)
- https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/ (Third Party Advisory)
- https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe (Issue Tracking)
- https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Securit (Exploit, Technical Description)
- https://www.suse.com/support/kb/doc/?id=000020510 (Third Party Advisory)
FAQ
What is CVE-2002-20001?
CVE-2002-20001 is a vulnerability with a CVSS score of 7.5 (HIGH). The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo...
How severe is CVE-2002-20001?
CVE-2002-20001 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-20001?
Check the references section above for vendor advisories and patch information. Affected products include: Balasys Dheater, Siemens Scalance W1750D Firmware, Siemens Scalance W1750D, Suse Linux Enterprise Server, F5 Big-Ip Access Policy Manager.