CVE-2021-34600

Опубликовано: 20 янв. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 4.9

EPSS Низкий

Описание

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.

Ссылки

https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/
Exploit
Third Party Advisory
https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:telenot:compasx:*:*:*:*:*:*:*:*

Версия до 32.0 (исключая)

EPSS

Процентиль: 18%

0.00058

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-335

Связанные уязвимости

GHSA-5f54-x7j7-36p3

CVSS3: 7.5

github

около 4 лет назад

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for authorization of users.