Lucene search

[email protected]NVD:CVE-2022-24401

HistoryOct 19, 2023 - 10:15 a.m.

CVE-2022-24401

2023-10-1910:15:09

CWE-639

CWE-323

[email protected]

web.nvd.nist.gov

cve-2022-24401

adversary-induced keystream re-use

tetra air-interface

tea keystream generator

iv generation

tdma frame counters

unauthenticated broadcast

crafted messages

mobile station response

CVSS3

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered.

Affected configurations

Nvd

Node

midnightbluetetra\Matchburst-

VendorProductVersionCPE
midnightbluetetra\burstcpe:2.3:a:midnightblue:tetra\:burst:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
midnightblue	tetra\	burst	cpe:2.3:a:midnightblue:tetra\:burst:-:::::::*

References

tetraburst.com/

CVSS3

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Related for NVD:CVE-2022-24401

prion1 cvelist1 cve1 thn1