CVE-2024-5264
5.9
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Thales | Luna EFT | 2.1.0 | affected |
Weaknesses
- CWE-338: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Workarounds
Disable functionality in the console - see linked bulletin
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.