CVE-2022-46397

EPSS 0.21%
Published 28.03.2023 22:15:09
Last modified 19.02.2025 19:15:11
Source cve@mitre.org
Teams watchlist Login
Open Login

FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Lfprojects ≫ Vector Packet Processor Version19.04

Lfprojects ≫ Vector Packet Processor Version19.08

Lfprojects ≫ Vector Packet Processor Version20.01

Lfprojects ≫ Vector Packet Processor Version20.05

Lfprojects ≫ Vector Packet Processor Version20.09

Lfprojects ≫ Vector Packet Processor Version21.01

Lfprojects ≫ Vector Packet Processor Version21.06

Lfprojects ≫ Vector Packet Processor Version21.10

Lfprojects ≫ Vector Packet Processor Version22.02

Lfprojects ≫ Vector Packet Processor Version22.06

Lfprojects ≫ Vector Packet Processor Version22.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.4

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-329 Generation of Predictable IV with CBC Mode

The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.

https://lists.fd.io/g/security-announce/message/2

Vendor Advisory

https://s3-docs.fd.io/vpp/23.02/

Product

https://nvd.nist.gov/vuln/detail/CVE-2022-46397

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-46397

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-46397

EUVD