admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

added CVE-2021-34600.json

Browse Source
This commit is contained in:
Jochen Becker 2022-01-20 12:29:38 +01:00
parent 712979118f
commit 644880bbdf
1 changed files with 97 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
2021/34xxx/CVE-2021-34600.json
View File

@ -1,18 +1,108 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-01-18T11:00:00.000Z",
"ID": "CVE-2021-34600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Telenot complex: Insecure AES Key Generation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CompasX",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "32.0"
}
]
}
}
]
},
"vendor_name": "Telenot Electronic GmbH"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "X41 D-SEC GmbH, Markus Vervier, Yasar Klawohn"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for authorization of users."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/",
"refsource": "CONFIRM",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to CompasX versions >= 32.0\n"
}
],
"source": {
"defect": [
"CERT@VDE#64025"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "It is strongly recommended to raise the security level during the time window until the AES keys can be changed to securely generated ones. The complex alarm systems supports alternative authentication factors that can be combined with the Desfire NFC tag authentication. An example for such an additional factor is a requirement for a valid PIN entry on the complex alarm system in addition to a successful Desfire authentication to disarm the alarm."
}
]
}