Описание
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- Permissions Required
- MitigationThird Party AdvisoryUS Government Resource
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия до 08a06 (исключая)
Одновременно
cpe:2.3:o:ge:rt430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:rt430:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 08a06 (исключая)
Одновременно
cpe:2.3:o:ge:rt431_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:rt431:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 08a06 (исключая)
Одновременно
cpe:2.3:o:ge:rt434_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:rt434:-:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.0017
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-321
CWE-798
Связанные уязвимости
CVSS3: 5.3
github
почти 4 года назад
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.
EPSS
Процентиль: 38%
0.0017
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-321
CWE-798