Home

CVE-2018-0131

Description

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.

Risk Information

Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.409

Associated Vulnerability

VulnerabilityOS Platform
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability For Cisco ASR 1000 Series Aggregation Services RoutersNCM
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability For Cisco Cloud Services Router 1000V SeriesNCM
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability For Cisco 4000 Series Integrated Services RoutersNCM
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability For Cisco 1000 Series Integrated Services RoutersNCM
Inadequate Encryption Strength Vulnerability (CVE-2018-0131)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1705898Security Update for Cisco ASR 1000 Series Aggregation Services Routers Denali-16.3.4a
PATCH-1705899Security Update for Cisco Cloud Services Router 1000V Series Denali-16.3.4a
PATCH-1705901Security Update for Cisco 4000 Series Integrated Services Routers Denali-16.3.4a
PATCH-1705902Security Update for Cisco 1000 Series Integrated Services Routers Denali-16.3.4a

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234