How severe is CVE-2018-5389?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2018-5389?

This is classified as CWE-521, which is a common weakness in software security.

CVE-2018-5389

MEDIUM Year: 2018

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-521

View all →

Vulnerability Description

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.

CVE-2017-1386

MEDIUM

CVSS:5.9(Medium)

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID:...

CWE-5212017

CVE-2019-4067

MEDIUM

CVSS:5.9(Medium)

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-...

CWE-5212019

CVE-2019-4235

MEDIUM

CVSS:5.9(Medium)

IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID:...

CWE-5212019

CVE-2019-4321

MEDIUM

CVSS:5.9(Medium)

IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not req...

CWE-5212019

CVE-2019-4565

MEDIUM

CVSS:5.9(Medium)

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 1...

CWE-5212019

CVE-2019-4576

MEDIUM

CVSS:5.9(Medium)

IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user account...

CWE-5212019

CVE-2018-5389

Vulnerability Description

Related Vulnerabilities

CVE-2017-1386

CVE-2019-4067

CVE-2019-4235

CVE-2019-4321

CVE-2019-4565

CVE-2019-4576