CVE-2024-22064
8.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Summary
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ZTE | ZXUN-ePDG | V5.20.15 <= V5.20.19 | affected |
Weaknesses
- CWE-1051: CWE-1051: Initialization with Hard-Coded Network Resource Configuration Data
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.