Ietf
Products by Ietf Sorted by Most Security Vulnerabilities since 2018
Known Exploited Ietf Vulnerabilities
The following Ietf vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Service Location Protocol (SLP) Denial-of-Service Vulnerability | The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. CVE-2023-29552 | November 8, 2023 |
| HTTP/2 Rapid Reset Attack Vulnerability | HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). CVE-2023-44487 | October 10, 2023 |
By the Year
In 2024 there have been 0 vulnerabilities in Ietf . Last year Ietf had 1 security vulnerability published. Right now, Ietf is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
| 2022 | 4 | 4.70 |
| 2021 | 1 | 5.90 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 5.90 |
It may take a day or so for new Ietf vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ietf Security Vulnerabilities
The HTTP/2 protocol
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
Layer 2 network filtering capabilities such as IPv6 RA guard
CVE-2021-27862
4.7 - Medium
- September 27, 2022
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
Authentication Bypass by Spoofing
Layer 2 network filtering capabilities such as IPv6 RA guard
CVE-2021-27861
4.7 - Medium
- September 27, 2022
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
Authentication Bypass by Spoofing
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames
CVE-2021-27854
4.7 - Medium
- September 27, 2022
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.
Authentication Bypass by Spoofing
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection
CVE-2021-27853
4.7 - Medium
- September 27, 2022
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
Authentication Bypass by Spoofing
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26
CVE-2020-20950
5.9 - Medium
- January 19, 2021
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
Use of a Broken or Risky Cryptographic Algorithm
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks
CVE-2018-5389
5.9 - Medium
- September 06, 2018
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.
Weak Password Requirements