First published: Thu Nov 11 2021
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Balasys Dheater | ||
SUSE Linux Enterprise Server | =15 | |
SUSE Linux Enterprise Server | =11 | |
SUSE Linux Enterprise Server | =12 | |
F5 BIG-IQ Centralized Management | =7.1.0 | |
F5 BIG-IQ Centralized Management | >=8.0.0<=8.2.0 | |
F5 BIG-IP Service Proxy Kubernetes | =1.6.0 | |
F5 Traffix SDC | =5.2.0 | |
F5 Traffix SDC | =5.1.0 | |
F5 BIG-IP Access Policy Manager | >=13.1.0<=17.1.0 | |
F5 BIG-IP Advanced Firewall Manager | >=13.1.0<=17.1.0 | |
F5 BIG-IP Advanced Web Application Firewall | >=13.1.0<=17.1.0 | |
F5 BIG-IP Analytics | >=13.1.0<=17.1.0 | |
F5 BIG-IP Application Acceleration Manager | >=13.1.0<=17.1.0 | |
F5 BIG-IP Application Security Manager | >=13.1.0<=17.1.0 | |
F5 BIG-IP Application Visibility and Reporting | >=13.1.0<=17.1.0 | |
F5 BIG-IP Carrier-Grade NAT | >=13.1.0<=17.1.0 | |
F5 BIG-IP DDoS Hybrid Defender | >=13.1.0<=17.1.0 | |
F5 BIG-IP Domain Name System | >=13.1.0<=17.1.0 | |
F5 BIG-IP Edge Gateway | >=13.1.0<=17.1.0 | |
F5 BIG-IP Fraud Protection Service | >=13.1.0<=17.1.0 | |
F5 BIG-IP Global Traffic Manager | >=13.1.0<=17.1.0 | |
F5 BIG-IP Link Controller | >=13.1.0<=17.1.0 | |
F5 BIG-IP Local Traffic Manager | >=13.1.0<=17.1.0 | |
F5 BIG-IP Policy Enforcement Manager | >=13.1.0<=17.1.0 | |
F5 BIG-IP SSL Orchestrator | >=13.1.0<=17.1.0 | |
F5 BIG-IP WebAccelerator | >=13.1.0<=17.1.0 | |
F5 BIG-IP WebSafe | >=13.1.0<=17.1.0 | |
F5 F5OS-C | =1.5.1 | |
F5 F5OS-C | =1.5.0 | |
F5 F5OS-C | >=1.3.0<=1.3.2 | |
F5 F5OS-A | =1.3.1 | |
F5 F5OS-A | =1.3.0 | |
Siemens SCALANCE W1750D Firmware | ||
Siemens SCALANCE W1750D | ||
F5 Traffix Signaling Delivery Controller | =5.1.0 | |
F5 Traffix Signaling Delivery Controller | =5.2.0 | |
HPE ArubaOS-CX | >=10.06.0000<10.06.0180 | |
HPE ArubaOS-CX | >=10.07.0000<10.07.0030 | |
HPE ArubaOS-CX | >=10.08.0000<10.08.0010 | |
HPE ArubaOS-CX | >=10.09.0000<10.09.0002 | |
HPE Aruba CX 4100i | ||
HPE Aruba CX 6100 | ||
HPE Aruba CX 6200f | ||
HPE Aruba CX 6200m | ||
HPE Aruba CX 6300f | ||
HPE Aruba CX 6300m | ||
HPE Aruba CX 6405 | ||
HPE Aruba CX 6410 | ||
HPE Aruba CX 8320 | ||
HPE Aruba CX 8325-32c | ||
HPE Aruba CX 8325-48y8c | ||
HPE Aruba CX 8360-12c | ||
HPE Aruba CX 8360-16y2c | ||
HPE Aruba CX 8360-24xf2c | ||
HPE Aruba CX 8360-32y4c | ||
HPE Aruba CX 8360-48xt4c | ||
HPE Aruba CX 8360-48y6c | ||
HPE Aruba CX 8400 | ||
Stormshield Stormshield Management Center | <3.3.3 | |
Stormshield Stormshield Network Security | >=2.7.0<4.3.16 | |
Stormshield Stormshield Network Security | >=4.4.0<4.6.3 | |