CVE-2024-22064

Summary

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.

Affected Software

VendorProductVersion RangeStatus
ZTEZXUN-ePDGV5.20.15 <= V5.20.19affected

Weaknesses

  • CWE-1051: CWE-1051: Initialization with Hard-Coded Network Resource Configuration Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References