ETSI Security Vulnerabilities
The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given....
4.3CVSS
7.3AI Score
0.0004EPSS
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search...
7.5CVSS
7.2AI Score
0.0005EPSS
Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit...
7.5CVSS
7.1AI Score
0.0005EPSS
A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to...
5.9CVSS
6.9AI Score
0.0004EPSS
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of.....
8.1CVSS
7.4AI Score
0.001EPSS
The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward...
5.9CVSS
7.4AI Score
0.002EPSS