CVE-2022-24400

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.
References
Link Resource
https://tetraburst.com/ Vendor Advisory
https://tetraburst.com/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:midnightblue:tetra\:burst:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.9
v2 : unknown
v3 : 7.5
References () https://tetraburst.com/ - Vendor Advisory () https://tetraburst.com/ - Vendor Advisory

25 Oct 2023, 17:28

Type Values Removed Values Added
References (MISC) https://tetraburst.com/ - (MISC) https://tetraburst.com/ - Vendor Advisory
CPE cpe:2.3:a:midnightblue:tetra\:burst:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9
First Time Midnightblue tetra\
Midnightblue
CWE CWE-639

19 Oct 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-19 10:15

Updated : 2024-11-21 06:50


NVD link : CVE-2022-24400

Mitre link : CVE-2022-24400

CVE.ORG link : CVE-2022-24400


JSON object : View

Products Affected

midnightblue

  • tetra\
CWE
CWE-807

Reliance on Untrusted Inputs in a Security Decision

CWE-639

Authorization Bypass Through User-Controlled Key