What is the severity of CVE-2018-0131?

CVE-2018-0131 is classified as a medium severity vulnerability.

How do I fix CVE-2018-0131?

To fix CVE-2018-0131, upgrade your Cisco IOS or IOS XE software to versions that contain the security patch.

Who is affected by CVE-2018-0131?

CVE-2018-0131 affects devices running Cisco IOS 15.5(3)s and Cisco IOS XE 15.5(3)s.

What type of attack does CVE-2018-0131 enable?

CVE-2018-0131 enables an unauthenticated, remote attacker to obtain encrypted nonces from IKEv1 sessions.

Is CVE-2018-0131 related to cryptographic vulnerabilities?

Yes, CVE-2018-0131 is related to vulnerabilities in the implementation of RSA-encrypted nonces in Cisco software.

Vulnerability/
CVE-2018-0131

medium

5.9

CWE

326

13/8/2018

14/8/2018

26/11/2024

CVE-2018-0131: Weak Encryption

First published: Mon Aug 13 2018(Updated: )

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS	=15.5\(3\)s
Cisco IOS XE	=15.5\(3\)s

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-0131?
CVE-2018-0131 is classified as a medium severity vulnerability.
How do I fix CVE-2018-0131?
To fix CVE-2018-0131, upgrade your Cisco IOS or IOS XE software to versions that contain the security patch.
Who is affected by CVE-2018-0131?
CVE-2018-0131 affects devices running Cisco IOS 15.5(3)s and Cisco IOS XE 15.5(3)s.
What type of attack does CVE-2018-0131 enable?
CVE-2018-0131 enables an unauthenticated, remote attacker to obtain encrypted nonces from IKEv1 sessions.
Is CVE-2018-0131 related to cryptographic vulnerabilities?
Yes, CVE-2018-0131 is related to vulnerabilities in the implementation of RSA-encrypted nonces in Cisco software.

collector/nvd-index
agent/type
agent/weakness
agent/references
agent/severity
agent/author
agent/first-publish-date
agent/softwarecombine
agent/description
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
vendor/cisco
canonical/cisco ios
version/cisco ios/15.5\(3\)s
canonical/cisco ios xe
version/cisco ios xe/15.5\(3\)s

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.