CVE-2022-24400

DCK pinning attack in TETRA

CVSS 7.5 HIGH · EPSS 0.3% · CWE-807
In short

A weakness in TETRA's authentication lets an attacker who can predict a specific challenge value intercept communications and force the session key to zero, making encrypted conversations readable.

Technical detail

The vulnerability exploits the predictability of the MS challenge RAND2 in TETRA's authentication procedure: a man-in-the-middle adversary who can predict RAND2 can force the Derived Cipher Key (DCK) to zero, compromising session encryption without detection.

Summary generated and translated by AI from the official description.
A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R/CR:H/IR:H/AR:H/MAV:A/MAC:H/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H
Affected products
ETSI · TETRA Standard
