CVE-2021-34600

Exploit

EPSS 0.41%
Veröffentlicht 20.01.2022 12:15:08
Zuletzt bearbeitet 21.11.2024 06:10:47
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

Telenot complex: Insecure AES Key Generation

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Telenot ≫ Compasx Version < 32.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.329

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:C/I:N/A:N
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
info@cert.vde.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-34600

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34600

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34600

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-34600