Vulnerabilities > CVE-2018-8753 - Unspecified vulnerability in Clavister COS Core

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

clavister

NVD

Published: 2018-08-15

Updated: 2019-10-03

Summary

The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack.

Vulnerable Configurations

Part	Description	Count
Application	Clavister Clavister COS Core 11.20.00 Clavister COS Core 12.00.00 Clavister COS Core 12.00.01 Clavister COS Core 12.00.02 Clavister COS Core 12.00.03 Clavister COS Core 12.00.04 Clavister COS Core 12.00.05 Clavister COS Core 12.00.06 Clavister COS Core 12.00.07 Clavister COS Core 12.00.08 Clavister COS Core *	11

References

https://www.clavister.com/advisories/security/clav-sa-0157-bleichenbacher-oracle-vulnerability-in-ikev1
https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html