CVE-2021-34600

Exploit

EPSS 0.06%
Veröffentlicht 20.01.2022 12:15:08
Zuletzt bearbeitet 21.11.2024 06:10:47
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Telenot ≫ Compasx Version < 32.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.183

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:C/I:N/A:N
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
info@cert.vde.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-34600

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34600

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34600

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-34600