{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22064", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "state": "PUBLISHED", "assignerShortName": "zte", "dateReserved": "2024-01-05T01:51:09.680Z", "datePublished": "2024-05-10T12:28:16.445Z", "dateUpdated": "2024-08-01T22:35:34.708Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["64 bit"], "product": "ZXUN-ePDG", "vendor": "ZTE", "versions": [{"lessThanOrEqual": "V5.20.19", "status": "affected", "version": "V5.20.15", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.</p><br>"}], "value": "ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.\n\n"}], "impacts": [{"capecId": "CAPEC-12", "descriptions": [{"lang": "en", "value": "CAPEC-12 Choosing Message Identifier"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1051", "description": "CWE-1051: Initialization with Hard-Coded Network Resource Configuration Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2024-05-10T12:28:16.445Z"}, "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>V5.20.20</p><br>"}], "value": "V5.20.20\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Configuration error Vulnerability in ZTE ZXUN-ePDG", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22064", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-10T14:50:14.318678Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zte:zxun-epdg:5.20.15:*:*:*:*:*:*:*"], "vendor": "zte", "product": "zxun-epdg", "versions": [{"status": "affected", "version": "5.20.15"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:44.293Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.708Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.708Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22064", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-10T14:50:14.318678Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zte:zxun-epdg:5.20.15:*:*:*:*:*:*:*"], "vendor": "zte", "product": "zxun-epdg", "versions": [{"status": "affected", "version": "5.20.15"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-10T14:51:24.599Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Configuration error Vulnerability in ZTE ZXUN-ePDG", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-12", "descriptions": [{"lang": "en", "value": "CAPEC-12 Choosing Message Identifier"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ZTE", "product": "ZXUN-ePDG", "versions": [{"status": "affected", "version": "V5.20.15", "versionType": "custom", "lessThanOrEqual": "V5.20.19"}], "platforms": ["64 bit"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "V5.20.20\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>V5.20.20</p><br>", "base64": false}]}], "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.</p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1051", "description": "CWE-1051: Initialization with Hard-Coded Network Resource Configuration Data"}]}], "providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2024-05-10T12:28:16.445Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22064", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:35:34.708Z", "dateReserved": "2024-01-05T01:51:09.680Z", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "datePublished": "2024-05-10T12:28:16.445Z", "assignerShortName": "zte"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zte:zxun-epdg:*:*:*:*:*:*:*:*", "matchCriteriaId": "428020C1-365E-4AD1-AFF7-51D3916201BE", "versionEndExcluding": "5.20.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.\n\n"}, {"lang": "es", "value": "El producto ZTE ZXUN-ePDG, que sirve como nodo de red del sistema VoWifi, en su configuraci\u00f3n predeterminada, utiliza un conjunto de claves criptogr\u00e1ficas no \u00fanicas al establecer una conexi\u00f3n segura (IKE) con los dispositivos m\u00f3viles que se conectan a trav\u00e9s de Internet. Si el conjunto de claves se filtra o se descifra, es posible que se filtre la informaci\u00f3n de la sesi\u00f3n del usuario que utiliza las claves."}], "id": "CVE-2024-22064", "lastModified": "2025-01-28T16:12:31.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "psirt@zte.com.cn", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T14:56:40.160", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1051"}], "source": "psirt@zte.com.cn", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}