CVE-2016-15006 LOW

CVE-2016-15006: enigmaX Scrambling Table main.c getSeed prng seed

Vendor N/A

Product enigmaX

Weakness CWE-337

Published January 2, 2023

Last update August 6, 2024

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.3 is able to address this issue. The identifier of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability.

Key dates

02Disclosure timeline

January 2, 2023 CVE published

August 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2016-15006 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/337.html

Related vulnerabilities

Identifiers

CVE CVE-2016-15006

CWE CWE-337

CVSS 3.7 / LOW

Affected versions

Vendor N/A

Product enigmaX

Affected 2.0

Vendor N/A

Product enigmaX

Affected 2.1

Vendor N/A

Product enigmaX

Affected 2.2

CVE-2016-15006: enigmaX Scrambling Table main.c getSeed prng seed

01Description

02Disclosure timeline

03References

04Related CVE