CVE: CVE-2022-30273

Export to Word

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.0012
Percentile: 0.31818

CVSS Scoring

CVSS v3.1 Score: 9.8

Severity: CRITICAL

Mapped CWE(s)

CWE-327 : Use of a Broken or Risky Cryptographic Algorithm
CWE-345 : Insufficient Verification of Data Authenticity

All CAPEC(s)

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)
CAPEC-141: Cache Poisoning
CAPEC-142: DNS Cache Poisoning
CAPEC-148: Content Spoofing
CAPEC-20: Encryption Brute Forcing
CAPEC-218: Spoofing of UDDI/ebXML Messages
CAPEC-384: Application API Message Manipulation via Man-in-the-Middle
CAPEC-385: Transaction or Event Tampering via Application API Manipulation
CAPEC-386: Application API Navigation Remapping
CAPEC-387: Navigation Remapping To Propagate Malicious Content
CAPEC-388: Application API Button Hijacking
CAPEC-459: Creating a Rogue Certification Authority Certificate
CAPEC-473: Signature Spoof
CAPEC-475: Signature Spoofing by Improper Validation
CAPEC-608: Cryptanalysis of Cellular Encryption
CAPEC-614: Rooting SIM Cards
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
CAPEC-701: Browser in the Middle (BiTM)
CAPEC-97: Cryptanalysis

CAPEC(s) with Mapped TTPs

CAPEC-141: Cache Poisoning
Mapped TTPs:
- T1557.002 : ARP Cache Poisoning
CAPEC-142: DNS Cache Poisoning
Mapped TTPs:
- T1584.002 : DNS Server
CAPEC-148: Content Spoofing
Mapped TTPs:
- T1491 : Defacement
CAPEC-473: Signature Spoof
Mapped TTPs:
- T1036.001 : Invalid Code Signature
- T1553.002 : Code Signing
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
Mapped TTPs:
- T1211 : Exploitation for Defense Evasion
- T1542.002 : Component Firmware
- T1556 : Modify Authentication Process

Mapped ATT&CK TTPs

T1557.002 : ARP Cache Poisoning
Kill Chain: credential-access
T1584.002 : DNS Server
Kill Chain: resource-development
T1491 : Defacement
Kill Chain: impact
T1036.001 : Invalid Code Signature
Kill Chain: defense-evasion
T1553.002 : Code Signing
Kill Chain: defense-evasion
T1211 : Exploitation for Defense Evasion
Kill Chain: defense-evasion
T1542.002 : Component Firmware
Kill Chain: persistence
T1556 : Modify Authentication Process
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

APT41 DUST
ArcaneDoor
SolarWinds Compromise
Operation Honeybee
RedDelta Modified PlugX Infection Chain Operations
Operation Dream Job
C0015

Affected Products

cpe:2.3:a:motorolasolutions:mdlc:4.80.0024:*:*:*:*:*:*:*
cpe:2.3:a:motorolasolutions:mdlc:4.82.004:*:*:*:*:*:*:*
cpe:2.3:a:motorolasolutions:mdlc:4.83.001:*:*:*:*:*:*:*

← Back to Home