CVE-2024-22064

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524

Configurations

No configuration.

History

21 Nov 2024, 08:55

Type	Values Removed	Values Added
Summary		(es) El producto ZTE ZXUN-ePDG, que sirve como nodo de red del sistema VoWifi, en su configuración predeterminada, utiliza un conjunto de claves criptográficas no únicas al establecer una conexión segura (IKE) con los dispositivos móviles que se conectan a través de Internet. Si el conjunto de claves se filtra o se descifra, es posible que se filtre la información de la sesión del usuario que utiliza las claves.
References	~~() https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524 -~~	() https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524 -

14 May 2024, 14:56

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 14:56

Updated : 2024-11-21 08:55

NVD link : CVE-2024-22064

Mitre link : CVE-2024-22064

CVE.ORG link : CVE-2024-22064

JSON object : View

Products Affected

No product.

CWE

CWE-1051

Initialization with Hard-Coded Network Resource Configuration Data

8.3 /10