CVE-2002-20001

HIGH

Balasys Dheater < 16.1.4 - Denial of Service

Title source: rule
STIX 2.1

Description

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

Exploits (2)

nomisec WORKING POC 210 stars
by c0r0n3r · poc
https://github.com/c0r0n3r/dheater
nomisec WORKING POC
by itmaniac · poc
https://github.com/itmaniac/dheat_dos_attack_poc

References (13)

Core 13
Core References
Third Party Advisory
https://dheatattack.com
Third Party Advisory
https://dheatattack.gitlab.io/
Product, Third Party Advisory
https://github.com/Balasys/dheater
Technical Description, Third Party Advisory
https://ieeexplore.ieee.org/document/10374117
Technical Description, Third Party Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt

Scores

CVSS v3 7.5
EPSS 0.1468
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (50)
balasys/dheater
f5/big-ip_access_policy_manager 13.1.0 - 16.1.4
f5/big-ip_advanced_firewall_manager 17.5.0
f5/big-ip_advanced_firewall_manager 13.1.0 - 17.1.2
f5/big-ip_advanced_web_application_firewall 17.5.0
f5/big-ip_advanced_web_application_firewall 13.1.0 - 17.1.2
f5/big-ip_analytics 17.5.0
f5/big-ip_analytics 13.1.0 - 17.1.2
f5/big-ip_application_acceleration_manager 17.5.0
f5/big-ip_application_acceleration_manager 13.1.0 - 17.1.2
... and 40 more
Published Nov 11, 2021
Tracked Since Feb 18, 2026