Vulnerabilities > CVE-2022-24400 - Authorization Bypass Through User-Controlled Key vulnerability in Midnightblue Tetra:Burst

047910
CVSS 5.9 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
HIGH
Availability impact
NONE
high complexity
midnightblue
CWE-639
NVD
Published: 2023-10-19
Updated: 2023-11-07

Summary

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.

Vulnerable Configurations

Part Description Count
Application
Midnightblue
1

Common Weakness Enumeration (CWE)

References