Lucene search
HistoryOct 19, 2023 - 10:15 a.m.
CVE-2022-24400
tetra authentication
mitm adversary
session key
cve-2022-24400
rand2
security flaw
CVSS3
5.9
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
AI Score
8.1
Confidence
High
EPSS
0
Percentile
15.5%
A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.
Affected configurations
Node
midnightbluetetra\Matchburst-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| midnightblue | tetra\ | burst | cpe:2.3:a:midnightblue:tetra\:burst:-:*:*:*:*:*:*:* |
References
Related
vulnrichment
vulnrichment
CVE-2022-24400 DCK pinning attack in TETRA
2023-10-19 09:33:28
prion
prion
Authentication flaw
2023-10-19 10:15:00
Authentication flaw
2023-10-19 10:15:00
cvelist
cvelist
CVE-2022-24400 DCK pinning attack in TETRA
2023-10-19 09:33:28
cve
cve
CVE-2022-24400
2023-10-19 10:15:08
CVE-2022-26943
2023-10-19 10:15:09
nvd
nvd
CVE-2022-26943
2023-10-19 10:15:09
thn
thn
CVSS3
5.9
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
AI Score
8.1
Confidence
High
EPSS
0
Percentile
15.5%
Related for NVD:CVE-2022-24400