What is CVE-2021-34600?

CVE-2021-34600 is a medium-severity vulnerability in Telenot Electronic Gmbh Compasx, classified under Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG). CVSS score: 5.5/10. Published 2022-01-20.

How severe is CVE-2021-34600?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Is CVE-2021-34600 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Telenot Electronic Gmbh Compasx

CVE-2021-34600

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installat…

EPSS: 0.001 (18.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Telenot Electronic Gmbh Compasx — versions unspecified

Weakness classification (CWE)

CWE-335 — Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Public proof-of-concept exploits

References

www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-34600?: CVE-2021-34600 is a medium-severity vulnerability in Telenot Electronic Gmbh Compasx, classified under Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG). CVSS score: 5.5/10. Published 2022-01-20.
How severe is CVE-2021-34600?: Medium severity. CVSS v3 base score is 5.5 out of 10.
Is CVE-2021-34600 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.