CVE-2024-5264

Summary

Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis

Affected Software

VendorProductVersion RangeStatus
ThalesLuna EFT2.1.0affected

Weaknesses

  • CWE-338: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Workarounds

Disable functionality in the console - see linked bulletin

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References