CVE-2022-46397 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
lfprojects	vector_packet_processor	19.04
lfprojects	vector_packet_processor	19.08
lfprojects	vector_packet_processor	20.01
lfprojects	vector_packet_processor	20.05
lfprojects	vector_packet_processor	20.09
lfprojects	vector_packet_processor	21.01
lfprojects	vector_packet_processor	21.06
lfprojects	vector_packet_processor	21.10
lfprojects	vector_packet_processor	22.02
lfprojects	vector_packet_processor	22.06
lfprojects	vector_packet_processor	22.10

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-329 - Generation of Predictable IV with CBC Mode
The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.

References

https://lists.fd.io/g/security-announce/message/2

https://s3-docs.fd.io/vpp/23.02/

https://lists.fd.io/g/security-announce/message/2

https://s3-docs.fd.io/vpp/23.02/