Lucene search

[email protected]NVD:CVE-2021-34600

HistoryJan 20, 2022 - 12:15 p.m.

CVE-2021-34600

2022-01-2012:15:08

CWE-335

[email protected]

web.nvd.nist.gov

telenot compasx

weak seed

random number

aes keys

nfc tags

local authorization

trustworthiness

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.8%

JSON

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.

Affected configurations

Nvd

Node

telenotcompasxRange<32.0

VendorProductVersionCPE
telenotcompasx*cpe:2.3:a:telenot:compasx:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
telenot	compasx	*	cpe:2.3:a:telenot:compasx::::::::

References

www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.8%

JSON

Related for NVD:CVE-2021-34600

githubexploit1 cvelist1 prion1 cve1