CVE-2022-24403 - OpenCVE

The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Midnightblue	Tetra\

Configuration 1 [-]

cpe:2.3:a:midnightblue:tetra\:burst:-:*:*:*:*:*:*:*

References

Link	Resource
https://tetraburst.com/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: NCSC-NL

Published: 2023-12-05T13:54:32.045Z

Updated: 2023-12-05T13:54:32.045Z

Reserved: 2022-02-04T04:43:09.527Z

Link: CVE-2022-24403

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-05T14:15:07.510

Modified: 2023-12-12T17:04:43.967

Link: CVE-2022-24403

JSON object: View

Redhat Information

No data.

CWE

CWE-327

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:midnightblue:tetra\\:burst:-:*:*:*:*:*:*:*", "matchCriteriaId": "E47ED5D3-E6C3-419A-9A3B-9F20863B9FDA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs."}, {"lang": "es", "value": "La funci\u00f3n de cifrado de identidad TETRA TA61 utiliza internamente un valor de 64 bits derivado exclusivamente de SCK (redes Clase 2) o CCK (redes Clase 3). La estructura de TA61 permite una recuperaci\u00f3n eficiente de este valor de 64 bits, lo que permite a un adversario cifrar o descifrar identidades arbitrarias con solo tres pares de identidades cifradas/no cifradas conocidas."}], "id": "CVE-2022-24403", "lastModified": "2023-12-12T17:04:43.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cert@ncsc.nl", "type": "Secondary"}]}, "published": "2023-12-05T14:15:07.510", "references": [{"source": "cert@ncsc.nl", "tags": ["Third Party Advisory"], "url": "https://tetraburst.com/"}], "sourceIdentifier": "cert@ncsc.nl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "cert@ncsc.nl", "type": "Secondary"}]}