Vulnerabilities > CVE-2018-8753 - Unspecified vulnerability in Clavister COS Core

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

clavister

NVD

Published: 2018-08-15

Updated: 2019-10-03

Summary

The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack.

Vulnerable Configurations

Part	Description	Count
Application	Clavister Clavister COS Core * Clavister COS Core 11.20.00 Clavister COS Core 12.00.00 Clavister COS Core 12.00.01 Clavister COS Core 12.00.02 Clavister COS Core 12.00.03 Clavister COS Core 12.00.04 Clavister COS Core 12.00.05 Clavister COS Core 12.00.06 Clavister COS Core 12.00.07 Clavister COS Core 12.00.08	11

References

https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html
https://www.clavister.com/advisories/security/clav-sa-0157-bleichenbacher-oracle-vulnerability-in-ikev1