CVE-2022-46397

FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.fd.io/g/security-announce/message/2	Vendor Advisory
https://s3-docs.fd.io/vpp/23.02/	Product
https://lists.fd.io/g/security-announce/message/2	Vendor Advisory
https://s3-docs.fd.io/vpp/23.02/	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:lfprojects:vector_packet_processor:19.04:::::::*
	cpe:2.3:a:lfprojects:vector_packet_processor:19.08:::::::*
	cpe:2.3:a:lfprojects:vector_packet_processor:20.01:::::::*
	cpe:2.3:a:lfprojects:vector_packet_processor:20.05:::::::*
	cpe:2.3:a:lfprojects:vector_packet_processor:20.09:::::::*
	cpe:2.3:a:lfprojects:vector_packet_processor:21.01:::::::*
	cpe:2.3:a:lfprojects:vector_packet_processor:21.06:::::::*
	cpe:2.3:a:lfprojects:vector_packet_processor:21.10:::::::*
	cpe:2.3:a:lfprojects:vector_packet_processor:22.02:::::::*
	cpe:2.3:a:lfprojects:vector_packet_processor:22.06:::::::*
	cpe:2.3:a:lfprojects:vector_packet_processor:22.10:::::::*

History

19 Feb 2025, 19:15

Type	Values Removed	Values Added
CWE		CWE-329

21 Nov 2024, 07:30

Type	Values Removed	Values Added
References	~~() https://lists.fd.io/g/security-announce/message/2 - Vendor Advisory~~	() https://lists.fd.io/g/security-announce/message/2 - Vendor Advisory
References	~~() https://s3-docs.fd.io/vpp/23.02/ - Product~~	() https://s3-docs.fd.io/vpp/23.02/ - Product

06 Apr 2023, 18:03

Type	Values Removed	Values Added
CPE		cpe:2.3:a:lfprojects:vector_packet_processor:20.09:::::::* cpe:2.3:a:lfprojects:vector_packet_processor:21.10:::::::* cpe:2.3:a:lfprojects:vector_packet_processor:20.01:::::::* cpe:2.3:a:lfprojects:vector_packet_processor:22.10:::::::* cpe:2.3:a:lfprojects:vector_packet_processor:19.04:::::::* cpe:2.3:a:lfprojects:vector_packet_processor:22.02:::::::* cpe:2.3:a:lfprojects:vector_packet_processor:21.01:::::::* cpe:2.3:a:lfprojects:vector_packet_processor:20.05:::::::* cpe:2.3:a:lfprojects:vector_packet_processor:21.06:::::::* cpe:2.3:a:lfprojects:vector_packet_processor:19.08:::::::* cpe:2.3:a:lfprojects:vector_packet_processor:22.06:::::::*
First Time		Lfprojects Lfprojects vector Packet Processor
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~(MISC) https://s3-docs.fd.io/vpp/23.02/ -~~	(MISC) https://s3-docs.fd.io/vpp/23.02/ - Product
References	~~(MISC) https://lists.fd.io/g/security-announce/message/2 -~~	(MISC) https://lists.fd.io/g/security-announce/message/2 - Vendor Advisory

28 Mar 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-28 22:15

Updated : 2025-02-19 19:15

NVD link : CVE-2022-46397

Mitre link : CVE-2022-46397

CVE.ORG link : CVE-2022-46397

JSON object : View

Products Affected

lfprojects

vector_packet_processor

CWE

NVD-CWE-Other CWE-329

Generation of Predictable IV with CBC Mode

7.5 /10