Lucene search

ZteCVELIST:CVE-2024-22064

HistoryMay 10, 2024 - 12:28 p.m.

CVE-2024-22064 Configuration error Vulnerability in ZTE ZXUN-ePDG

2024-05-1012:28:16

CWE-1051

zte

www.cve.org

cve-2024-22064

zte zxun-epdg

configuration error

vulnerability

ike

cryptographic keys

vowifi

network node

mobile devices

internet

8.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "64 bit"
    ],
    "product": "ZXUN-ePDG",
    "vendor": "ZTE",
    "versions": [
      {
        "lessThanOrEqual": "V5.20.19",
        "status": "affected",
        "version": "V5.20.15",
        "versionType": "custom"
      }
    ]
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524

8.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-22064