high
7.5
CWE
400
Advisory Published
Advisory Published
Updated

CVE-2002-20001

First published: Thu Nov 11 2021(Updated: )

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
balasys dheater
SUSE Linux Enterprise Server=15
SUSE Linux Enterprise Server=11
SUSE Linux Enterprise Server=12
F5 BIG-IP and BIG-IQ Centralized Management=7.1.0
F5 BIG-IP and BIG-IQ Centralized Management>=8.0.0<=8.2.0
F5 BIG-IP Service Proxy for Kubernetes=1.6.0
F5 Traffix Systems Signaling Delivery Controller=5.2.0
F5 Traffix Systems Signaling Delivery Controller=5.1.0
F5 Access Policy Manager>=13.1.0<=17.1.0
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=17.1.0
F5 BIG-IP Advanced WAF/ASM>=13.1.0<=17.1.0
F5 BIG-IP Analytics>=13.1.0<=17.1.0
F5 BIG-IP Application Acceleration Manager>=13.1.0<=17.1.0
F5 Application Security Manager>=13.1.0<=17.1.0
F5 BIG-IP Application Visibility and Reporting>=13.1.0<=17.1.0
F5 BIG-IP Carrier-Grade NAT>=13.1.0<=17.1.0
F5 BIG-IP DDoS Hybrid Defender>=13.1.0<=17.1.0
F5 BIG-IP>=13.1.0<=17.1.0
F5 BIG-IP Edge Gateway>=13.1.0<=17.1.0
F5 BIG-IP Fraud Protection Service>=13.1.0<=17.1.0
Riverbed SteelApp Traffic Manager>=13.1.0<=17.1.0
F5 BIG-IP Link Controller>=13.1.0<=17.1.0
Riverbed SteelApp Traffic Manager>=13.1.0<=17.1.0
F5 BIG-IP Policy Enforcement Manager>=13.1.0<=17.1.0
F5 BIG-IP SSL Orchestrator>=13.1.0<=17.1.0
F5 BIG-IP WebAccelerator>=13.1.0<=17.1.0
F5 WebSafe>=13.1.0<=17.1.0
F5 F5OS=1.5.1
F5 F5OS=1.5.0
F5 F5OS>=1.3.0<=1.3.2
F5 F5OS=1.3.1
F5 F5OS=1.3.0
Siemens SCALANCE W1750D
Siemens Scalance W1750D Firmware
F5 Traffix Systems Signaling Delivery Controller=5.1.0
F5 Traffix Systems Signaling Delivery Controller=5.2.0
Aruba Networks AOS-CX Firmware>=10.06.0000<10.06.0180
Aruba Networks AOS-CX Firmware>=10.07.0000<10.07.0030
Aruba Networks AOS-CX Firmware>=10.08.0000<10.08.0010
Aruba Networks AOS-CX Firmware>=10.09.0000<10.09.0002
Aruba Networks CX 4100i
Aruba Networks CX 6100
HPE Aruba CX 6200F 48G
HPE Aruba CX 6200M
Aruba CX 6300
HPE Aruba CX 6300M 48G
HPE Aruba CX 6405
HPE Aruba CX 6410
HPE Aruba CX 8320-32
HPE Aruba 8325-32C
Aruba CX 8325
Aruba CX 8360
Aruba CX 8360
HPE Aruba 8360-24XF2C
Aruba CX 8360
Aruba CX 8360
Aruba CX 8360
HPE Aruba 8400X
Stormshield Management Center<3.3.3
Stormshield Network Security>=2.7.0<4.3.16
Stormshield Network Security>=4.4.0<4.6.3
F5 BIG-IP Access Policy Manager=17.0.0
17.1.0
F5 BIG-IP Access Policy Manager>=16.1.0<=16.1.3
16.1.4
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.9
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP and BIG-IQ Centralized Management>=17.0.0<=17.1.0
F5 BIG-IP and BIG-IQ Centralized Management>=16.1.0<=16.1.4
F5 BIG-IP and BIG-IQ Centralized Management>=15.1.0<=15.1.9
F5 BIG-IP and BIG-IQ Centralized Management>=14.1.0<=14.1.5
F5 BIG-IP and BIG-IQ Centralized Management>=13.1.0<=13.1.5
F5 BIG-IP Service Proxy for Kubernetes=1.6.0
F5 BIG-IP and BIG-IQ Centralized Management>=8.0.0<=8.4.0
F5 BIG-IP and BIG-IQ Centralized Management=7.1.0
F5 BIG-IP and BIG-IQ Centralized Management>=8.0.0<=8.3.0
F5 F5OS>=1.3.0<=1.3.1
F5 F5OS>=1.5.0<=1.5.1>=1.3.0<=1.3.2
F5 Traffix Systems Signaling Delivery Controller=5.2.0=5.1.0
5.2
All of
Siemens SCALANCE W1750D
Siemens Scalance W1750D Firmware
F5 F5OS=1.3.0
F5 F5OS=1.3.1
F5 F5OS>=1.3.0<=1.3.2
F5 F5OS=1.5.0
F5 F5OS=1.5.1
All of
Any of
Aruba Networks AOS-CX Firmware>=10.06.0000<10.06.0180
Aruba Networks AOS-CX Firmware>=10.07.0000<10.07.0030
Aruba Networks AOS-CX Firmware>=10.08.0000<10.08.0010
Aruba Networks AOS-CX Firmware>=10.09.0000<10.09.0002
Any of
Aruba Networks CX 4100i
Aruba Networks CX 6100
HPE Aruba CX 6200F 48G
HPE Aruba CX 6200M
Aruba CX 6300
HPE Aruba CX 6300M 48G
HPE Aruba CX 6405
HPE Aruba CX 6410
HPE Aruba CX 8320-32
HPE Aruba 8325-32C
Aruba CX 8325
Aruba CX 8360
Aruba CX 8360
HPE Aruba 8360-24XF2C
Aruba CX 8360
Aruba CX 8360
Aruba CX 8360
HPE Aruba 8400X
Stormshield Network Security (SNS)>=2.7.0<4.3.16
Stormshield Network Security (SNS)>=4.4.0<4.6.3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2002-20001?

    CVE-2002-20001 has a moderate severity, as it allows remote attackers to perform resource-intensive calculations on the server.

  • How do I fix CVE-2002-20001?

    To fix CVE-2002-20001, upgrade affected software versions to their patched releases, such as F5 BIG-IP to versions 17.1.0 or 16.1.4.

  • Which products are affected by CVE-2002-20001?

    Affected products include F5 BIG-IP (APM), F5 BIG-IQ Centralized Management, and various versions of F5 OS products.

  • What type of attack does CVE-2002-20001 enable?

    CVE-2002-20001 enables a D(HE)at or D(HE)ater attack, where attackers can exploit the Diffie-Hellman protocol to cause server-side resource strain.

  • How can I detect if my system is vulnerable to CVE-2002-20001?

    To detect vulnerability to CVE-2002-20001, check if any affected F5 products are running vulnerable versions as specified in the vulnerability report.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203