// For flags

CVE-2022-26943

Weak PRNG entropy source used for authentication challenge generation in Motorola MTM5000

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.

Los firmwares de la serie Motorola MTM5000 generan desafíos de autenticación TETRA utilizando un PRNG que utiliza un registro de conteo de ticks como única fuente de entropía. La baja entropía del tiempo de arranque y la resiembra limitada del grupo hacen que el desafío de autenticación sea vulnerable a dos ataques. En primer lugar, debido a la entropía limitada del grupo de tiempo de arranque, un adversario puede derivar el contenido del grupo de entropía mediante una búsqueda exhaustiva de valores posibles, basándose en un desafío de autenticación observado. En segundo lugar, un adversario puede utilizar el conocimiento del conjunto de entropía para predecir los desafíos de autenticación. Como tal, la unidad es vulnerable a CVE-2022-24400.

*Credits: Midnight Blue
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2022-03-11 CVE Reserved
  • 2023-10-19 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-11-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CAPEC
References (1)
URL Tag Source
https://tetraburst.com Related
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Motorola
Search vendor "Motorola"
 Mtm5500 Firmware
Search vendor "Motorola" for product "Mtm5500 Firmware"
--
Affected
in Motorola
Search vendor "Motorola"
 Mtm5500
Search vendor "Motorola" for product "Mtm5500"
--
Safe
Motorola
Search vendor "Motorola"
 Mtm5400 Firmware
Search vendor "Motorola" for product "Mtm5400 Firmware"
--
Affected
in Motorola
Search vendor "Motorola"
 Mtm5400
Search vendor "Motorola" for product "Mtm5400"
--
Safe