CVE-2002-20001

Public on 2021-11-11
Modified on 2024-07-22
Description
CVE-2002-20001 describes an issue in Diffie-Hellman key exchange (DHE) and affects every application that uses this key exchange. Other key exchange mechanisms, such as Elliptic Curve Diffie-Hellman (ECDHE), are not affected.

Mitigation depends on the affected application. The most effective approach is to disable Diffie-Hellman key exchange (DHE) and use Elliptic Curve Diffie-Hellman (ECDHE) instead. However, in some cases this can cause connectivity problems with older clients, which is why it is often not the default configuration. Additional information about this CVE and mitigation guidance is available from the OpenSSL Project [1].

[1] https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/
Severity
Medium
CVSS v3 Base Score
5.3

Affected Packages

Platform | Package | Release Date | Advisory | Status
Amazon Linux 2 - Core | edk2 | | | Not Affected
Amazon Linux 1 | openssl | | | No Fix Planned
Amazon Linux 2 - Core | openssl | | | No Fix Planned
Amazon Linux 2023 | openssl | | | No Fix Planned
Amazon Linux 2 - Openssl-snapsafe Extra | openssl-snapsafe | | | No Fix Planned
Amazon Linux 2 - Core | openssl11 | | | No Fix Planned

CVSS Scores

Source | Score Type | Score | Vector
Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H