Vulnerability Details : CVE-2022-46397
FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.
Products affected by CVE-2022-46397
- cpe:2.3:a:lfprojects:vector_packet_processor:19.08:*:*:*:*:*:*:*
- cpe:2.3:a:lfprojects:vector_packet_processor:20.01:*:*:*:*:*:*:*
- cpe:2.3:a:lfprojects:vector_packet_processor:20.05:*:*:*:*:*:*:*
- cpe:2.3:a:lfprojects:vector_packet_processor:20.09:*:*:*:*:*:*:*
- cpe:2.3:a:lfprojects:vector_packet_processor:21.01:*:*:*:*:*:*:*
- cpe:2.3:a:lfprojects:vector_packet_processor:21.06:*:*:*:*:*:*:*
- cpe:2.3:a:lfprojects:vector_packet_processor:21.10:*:*:*:*:*:*:*
- cpe:2.3:a:lfprojects:vector_packet_processor:22.02:*:*:*:*:*:*:*
- cpe:2.3:a:lfprojects:vector_packet_processor:22.06:*:*:*:*:*:*:*
- cpe:2.3:a:lfprojects:vector_packet_processor:22.10:*:*:*:*:*:*:*
- cpe:2.3:a:lfprojects:vector_packet_processor:19.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-46397
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 53 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-46397
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2022-46397
-
https://lists.fd.io/g/security-announce/message/2
CVE-2022-46397: FD.io VPP (Vector Packet Processor) IPSec generates a predictable IV with AES-CBC modeVendor Advisory
-
https://s3-docs.fd.io/vpp/23.02/
What is the Vector Packet Processor (VPP) — The Vector Packet Processor v23.02-0-g5516fc0f3 documentationProduct
Jump to