How severe is CVE-2022-24401?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2022-24401?

This is classified as CWE-323, which is a common weakness in software security.

CVE-2022-24401 - HIGH Severity | CVSS 8.1

Vulnerability Description

Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered.

Related Vulnerabilities

CVE-2017-13082

HIGH

CVSS:8.1(High)

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing a...

CWE-3232017

CVE-2019-7593

CRITICAL

CVSS:9.1(Critical)

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).

CWE-3232019

CVE-2017-13084

MEDIUM

CVSS:6.8(Medium)

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, d...

CWE-3232017

CVE-2017-13086

MEDIUM

CVSS:6.8(Medium)

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decryp...

CWE-3232017

CVE-2020-1759

MEDIUM

CVSS:6.8(Medium)

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which...

CWE-3232020

CVE-2023-4680

MEDIUM

CVSS:6.8(Medium)

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an...

CWE-3232023