|
Original Release Date: May 10 2024 Vulnerability ID CVE ID: CVE-2024-22064 CNNVD ID: CNNVD-2024-07840129 CVSS 3.1 Base Score 8.3 High (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) Description ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXUN-ePDG | V5.20.19 and earlier | V5.20.20 |
Acknowledgement ZTE thanks the researchers at University of Vienna: Gabriel K. Gegenhuber, Florian Holzbauer and Edgar Weippl, the researcher at SBA Research Center of Vienna: Philipp Frenzel, and the researcher at CISPA Helmholtz Center for Information Security: Adrian Dabrowski, who discovered and reported this vulnerability to ZTE through the GSMA CVD Program. ZTE also thanks the GSMA CVD Program for their coordination and communication regarding this vulnerability. Update Records May 10 2024, initial. Version Update Method ZTE has notified its affected global customers and guided them to fix it. If you have more questions, please contact ZTE Global Customer Center. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|