CVE-2024-22064

{"id": "CVE-2024-22064", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@zte.com.cn", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}]}, "published": "2024-05-14T14:56:40.160", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524", "source": "psirt@zte.com.cn"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@zte.com.cn", "description": [{"lang": "en", "value": "CWE-1051"}]}], "descriptions": [{"lang": "en", "value": "ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.\n\n"}, {"lang": "es", "value": "El producto ZTE ZXUN-ePDG, que sirve como nodo de red del sistema VoWifi, en su configuraci\u00f3n predeterminada, utiliza un conjunto de claves criptogr\u00e1ficas no \u00fanicas al establecer una conexi\u00f3n segura (IKE) con los dispositivos m\u00f3viles que se conectan a trav\u00e9s de Internet. Si el conjunto de claves se filtra o se descifra, es posible que se filtre la informaci\u00f3n de la sesi\u00f3n del usuario que utiliza las claves."}], "lastModified": "2024-05-14T16:13:02.773", "sourceIdentifier": "psirt@zte.com.cn"}