Lucene search

NCSC-NLCVELIST:CVE-2022-24403

HistoryDec 05, 2023 - 1:54 p.m.

CVE-2022-24403 De-anonymization attack in TETRA

2023-12-0513:54:32

CWE-327

NCSC-NL

www.cve.org

cve-2022-24403

tetra

de-anonymization

identity encryption

class 2

class 3

sck

cck

recovery

adversary

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:A/MAC:L/MPR:N/MUI:N/MS:U/MC:L/MI:N/MA:N

AI Score

5.1

Confidence

High

EPSS

Percentile

12.7%

JSON

The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs.

CNA Affected

[
  {
    "vendor": "ETSI",
    "product": "TETRA Standard",
    "versions": [
      {
        "version": "TA61",
        "status": "affected"
      }
    ]
  }
]

References

tetraburst.com/

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:A/MAC:L/MPR:N/MUI:N/MS:U/MC:L/MI:N/MA:N

AI Score

5.1

Confidence

High

EPSS

Percentile

12.7%

JSON

Related for CVELIST:CVE-2022-24403