CVE-2002-20001: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

The Diffie-Hellman Key Agreement Protocol vulnerability (CVE-2002-20001), also known as D(HE)at or D(HE)ater attack, is a denial-of-service (DoS) vulnerability discovered in 2021. This vulnerability allows remote attackers from the client side to send arbitrary numbers that are not actual public keys, triggering expensive server-side DHE modular-exponentiation calculations. The attack is particularly efficient as it requires very little CPU resources and network bandwidth from the attacker's side, while potentially causing significant server resource consumption (DHEat Attack, NVD).

The vulnerability exploits the Diffie-Hellman key exchange protocol by allowing attackers to trigger resource-intensive calculations on the server side. The attack becomes more disruptive when a client can force a server to select its largest supported key size. The basic attack scenario requires the client to claim it can only communicate with DHE, and the server must be configured to allow DHE. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The primary impact of this vulnerability is on system availability. When exploited, it can lead to server CPU saturation with minimal attacker resources, potentially causing denial of service. The attack is particularly concerning as it can achieve high CPU usage on servers with as little as 5 KB/s of incoming traffic (OpenSSL Blog).

Several mitigation strategies are recommended: 1) Disable DHE key exchange and use only ECDHE (Elliptic Curve Diffie-Hellman), 2) If DHE must be used, limit support to groups up to 3072-bit size (ffdhe2048, ffdhe3072), 3) For modern deployments, prefer X25519 over prime256v1 as it provides the same security strength with better performance. Specific configuration changes are required for different services such as Apache, NGINX, and OpenSSH (SUSE KB, OpenSSL Blog).

The vulnerability has gained significant attention in the security community, leading to discussions about removing DHE from SSL configurations. Multiple vendors and organizations have issued advisories and updates to address this vulnerability, including OpenSSL, SUSE, F5, and Aruba Networks (SSL Config Generator Issue).