F5-K83120834
First published: Thu May 19 2022(Updated: )
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IP Access Policy Manager | =17.0.0 | 17.1.0 |
| F5 BIG-IP Access Policy Manager | >=16.1.0<=16.1.3 | 16.1.4 |
| F5 BIG-IP Access Policy Manager | >=15.1.0<=15.1.9 | |
| F5 BIG-IP Access Policy Manager | >=14.1.0<=14.1.5 | |
| F5 BIG-IP Access Policy Manager | >=13.1.0<=13.1.5 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=17.0.0<=17.1.0 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=16.1.0<=16.1.4 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=15.1.0<=15.1.9 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=14.1.0<=14.1.5 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=13.1.0<=13.1.5 | |
| F5 BIG-IP Service Proxy for Kubernetes | =1.6.0 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=8.0.0<=8.3.0 | |
| F5 BIG-IP and BIG-IQ Centralized Management | =7.1.0 | |
| F5 F5OS | >=1.3.0<=1.3.1 | |
| F5 F5OS | >=1.5.0<=1.5.1>=1.3.0<=1.3.2 | |
| F5 Traffix Systems Signaling Delivery Controller | =5.2.0=5.1.0 | 5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of F5-K83120834?
The severity of F5-K83120834 is considered critical due to the potential for denial-of-service attacks using a D(HE)ater attack.
How do I fix F5-K83120834?
To fix F5-K83120834, upgrade your F5 BIG-IP or other affected product to the latest recommended version as specified in the advisory.
Who is affected by F5-K83120834?
F5-K83120834 affects various versions of F5 BIG-IP (APM), BIG-IQ Centralized Management, and other F5 products.
What type of attack is F5-K83120834 associated with?
F5-K83120834 is associated with a denial-of-service attack, specifically a D(HE)ater attack leveraging the Diffie-Hellman Key Agreement Protocol.
Can F5-K83120834 be exploited remotely?
Yes, F5-K83120834 can be exploited remotely by an attacker sending arbitrary numbers to trigger costly server-side calculations.
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/f5-advisory
- source/F5
- alias/CVE-2002-20001
- alias/CVE-2022-40735
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/f5 big-ip access policy manager
- version/f5 big-ip access policy manager/17.0.0
- version/f5 big-ip access policy manager/16.1.0
- version/f5 big-ip access policy manager/16.1.3
- version/f5 big-ip access policy manager/15.1.0
- version/f5 big-ip access policy manager/15.1.9
- version/f5 big-ip access policy manager/14.1.0
- version/f5 big-ip access policy manager/14.1.5
- version/f5 big-ip access policy manager/13.1.0
- version/f5 big-ip access policy manager/13.1.5
- canonical/f5 big-ip and big-iq centralized management
- version/f5 big-ip and big-iq centralized management/17.0.0
- version/f5 big-ip and big-iq centralized management/17.1.0
- version/f5 big-ip and big-iq centralized management/16.1.0
- version/f5 big-ip and big-iq centralized management/16.1.4
- version/f5 big-ip and big-iq centralized management/15.1.0
- version/f5 big-ip and big-iq centralized management/15.1.9
- version/f5 big-ip and big-iq centralized management/14.1.0
- version/f5 big-ip and big-iq centralized management/14.1.5
- version/f5 big-ip and big-iq centralized management/13.1.0
- version/f5 big-ip and big-iq centralized management/13.1.5
- canonical/f5 big-ip service proxy for kubernetes
- version/f5 big-ip service proxy for kubernetes/1.6.0
- version/f5 big-ip and big-iq centralized management/8.0.0
- version/f5 big-ip and big-iq centralized management/8.3.0
- version/f5 big-ip and big-iq centralized management/7.1.0
- canonical/f5 f5os
- version/f5 f5os/1.3.0
- version/f5 f5os/1.3.1
- version/f5 f5os/1.5.0
- version/f5 f5os/1.5.1
- version/f5 f5os/1.3.2
- canonical/f5 traffix systems signaling delivery controller
- version/f5 traffix systems signaling delivery controller/5.2.0
- version/f5 traffix systems signaling delivery controller/5.1.0