CVE-2022-24400

Medium

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.

NCSC-NL·CWE-807·Published 2023-10-19

CVSS

5.9

EPSS

0.00

KEV

Exploits

cve.orgen

140 chars

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.

NVDen

140 chars

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.

Una falla en el procedimiento de autenticación TETRA permite que un adversario MITM que puede predecir el desafío MS RAND2 establezca la clave de sesión DCK en cero.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R/CR:H/IR:H/AR:H/MAV:A/MAC:H/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H
3.1	Primary	NVD	5.9	1.6	4.2	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
3.1	Secondary	NVD	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H