CVE-2022-24400

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.
References
Link Resource
https://tetraburst.com/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:midnightblue:tetra\:burst:-:*:*:*:*:*:*:*

History

25 Oct 2023, 17:28

Type Values Removed Values Added
CWE CWE-639
References (MISC) https://tetraburst.com/ - (MISC) https://tetraburst.com/ - Vendor Advisory
CPE cpe:2.3:a:midnightblue:tetra\:burst:-:*:*:*:*:*:*:*
First Time Midnightblue tetra\
Midnightblue
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9

19 Oct 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-19 10:15

Updated : 2024-02-28 20:33


NVD link : CVE-2022-24400

Mitre link : CVE-2022-24400

CVE.ORG link : CVE-2022-24400


JSON object : View

Products Affected

midnightblue

  • tetra\
CWE
CWE-639

Authorization Bypass Through User-Controlled Key

CWE-807

Reliance on Untrusted Inputs in a Security Decision