CVE-2024-22064

8.3 HIGH

📋 TL;DR

ZTE ZXUN-ePDG products use non-unique cryptographic keys by default when establishing IKE secure connections with mobile devices over the internet. If these keys are compromised, attackers can decrypt and access user session information. This affects all ZTE ZXUN-ePDG deployments with default configurations.

💻 Affected Systems

Products:
  • ZTE ZXUN-ePDG
Versions: All versions with default configuration
Operating Systems: Embedded/Network OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using default cryptographic key configuration for IKE connections.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Mass decryption of all VoWiFi user sessions, leading to complete compromise of user communications, location tracking, and potential credential theft.

🟠 Likely Case

Targeted decryption of specific user sessions, allowing interception of communications and potential session hijacking.

🟢 If Mitigated

Limited to internal network attacks if proper segmentation and monitoring are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires obtaining the non-unique keys through other means before session decryption is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact ZTE for specific patched versions

Vendor Advisory: https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524

Restart Required: Yes

Instructions:

1. Contact ZTE support for security patches.
2. Apply patches according to ZTE documentation.
3. Restart affected ePDG systems.
4. Regenerate all cryptographic keys.

🔧 Temporary Workarounds

Manual Key Regeneration

all

Manually regenerate unique cryptographic keys for all IKE connections

Specific commands depend on the ZTE CLI; consult ZTE documentation.

Network Segmentation

all

Isolate ePDG systems from untrusted networks and implement strict access controls

🧯 If You Can't Patch

  • Implement network segmentation to limit exposure
  • Enable comprehensive logging and monitoring of IKE connections

🔍 How to Verify

Check if Vulnerable:

Check whether the IKE cryptographic keys in the ZTE configuration are default/non-unique values

Check Version:

Consult ZTE documentation for version check commands specific to ZXUN-ePDG

Verify Fix Applied:

Verify that unique cryptographic keys are generated for each IKE session and old keys are invalidated

📡 Detection & Monitoring

Log Indicators:

  • Multiple IKE session failures
  • Unusual IKE negotiation patterns
  • Key exchange anomalies

Network Indicators:

  • Unusual IKE traffic patterns
  • Multiple connections using same cryptographic material

SIEM Query:

source="zte-epdg" AND (event_type="ike_failure" OR event_type="key_exchange") | stats count by src_ip, dest_ip
