History: May 10, 2024 - 12:28 p.m.

CVE-2024-22064 Configuration error Vulnerability in ZTE ZXUN-ePDG

2024-05-10 12:28:16
CWE-1051
zte
github.com
Tags: zte, zxun-epdg, configuration error, vulnerability, vowifi, cryptographic keys, ike, mobile devices, user session information

CVSS3: 8.3

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score: 7
Confidence: Low

EPSS: 0
Percentile: 9.0%

SSVC

Exploitation: none
Automatable: no
Technical Impact: total

The ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, uses a set of non-unique cryptographic keys in its default configuration when establishing a secure connection (IKE) with mobile devices connecting over the internet. If the set of keys is leaked or cracked, the user session information protected by those keys may be leaked.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:zte:zxun-epdg:5.20.15:*:*:*:*:*:*:*"
    ],
    "vendor": "zte",
    "product": "zxun-epdg",
    "versions": [
      {
        "status": "affected",
        "version": "5.20.15"
      }
    ],
    "defaultStatus": "unknown"
  }
]
