CVE-2022-24404
Published: 19 October 2023
Summary
CVE-2022-24404 is a medium-severity Missing Support for Integrity Check (CWE-353) vulnerability in Midnightblue Tetra. Its CVSS base score is 5.9 (Medium).
Operationally, it ranks at the 33.3rd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-29296
Vulnerability details
Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion.
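The following added example (not part of the CVE record or of any TETRA implementation) shows why a stream cipher without an integrity check accepts modified traffic, and how an encrypt-then-MAC tag lets the receiver reject it. The SHA-256 counter keystream is a toy stand-in for the real cipher, and all keys, nonces and messages are constructed sample values.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); an assumption, not a TETRA cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR stream cipher: the same call decrypts."""
    return xor(data, keystream(key, nonce, len(data)))

def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Verify the tag before decrypting; return None if the frame was altered."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return encrypt(enc_key, nonce, ct)

# Constructed sample values.
ENC_KEY, MAC_KEY, NONCE = b"K" * 16, b"M" * 32, b"\x00" * 8
MESSAGE, ALTERED = b"UNIT 12 HOLD", b"UNIT 12 MOVE"

def modify_in_transit(ct: bytes) -> bytes:
    """Model of a bit-level change to the ciphertext; no key is involved."""
    return xor(ct, xor(MESSAGE, ALTERED))

def demo():
    # Without integrity: the altered frame decrypts cleanly to different text.
    ct = encrypt(ENC_KEY, NONCE, MESSAGE)
    unauthenticated = encrypt(ENC_KEY, NONCE, modify_in_transit(ct))
    # With a MAC: the same alteration fails verification and is dropped.
    ct2, tag = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    authenticated = open_sealed(ENC_KEY, MAC_KEY, NONCE, modify_in_transit(ct2), tag)
    return unauthenticated, authenticated

if __name__ == "__main__":
    print(demo())
```

The receiver without a tag has no signal that anything changed, which is the condition CWE-353 describes; the tagged path returns `None` for the altered frame and the original message for the untouched one.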
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Tamper detection fundamentally depends on integrity-checking capabilities that this control mandates or strengthens.
Control explicitly adds support for integrity mechanisms such as checksums during preparation, preventing attacks that rely on missing integrity checks.
Directly supplies the missing integrity verification mechanism the weakness describes.
Tamper protection programs explicitly add integrity checks where support was previously missing.
Irrefutable evidence of actions requires integrity protection to prevent tampering or alteration of records.
Implements required signature-based integrity verification, addressing missing support for integrity checks on components.
Requiring control over the integrity of all changes directly compels developers to implement integrity verification mechanisms rather than omitting them.
Explicitly requires support for integrity and authenticity checks on components before acceptance into the system.