CVE-2018-0131

Summary

CVE	CVE-2018-0131
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-08-14 16:29:00 UTC
Updated	2019-10-09 23:31:00 UTC
Description	A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.

Risk And Classification

Problem Types: CWE-326

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Cisco	Ios	15.5(3)s	All	All	All
Operating System	Cisco	Ios	15.5\(3\)s	All	All	All
Operating System	Cisco	Ios	15.5\(3\)s	All	All	All
Operating System	Cisco	Ios Xe	15.5(3)s	All	All	All
Operating System	Cisco	Ios Xe	15.5\(3\)s	All	All	All
Operating System	Cisco	Ios Xe	15.5\(3\)s	All	All	All

References

Reference	Source	Link	Tags
Cisco IOS/IOS XE IKEv1 Flaw Lets Remote Users Obtain Remote RSA-Encrypted IKEv1 Nonces on the Target System - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Cisco IOS and IOS XE Software CVE-2018-0131 Information Disclosure Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability	CISCO	tools.cisco.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.