Security professionals in OT should be aware of CVE-2024-22064, a vulnerability in ZTE ZXUN-ePDG, a network node in VoWiFi systems. Due to an error in its default configuration, the product uses non-unique cryptographic keys when establishing secure connections (IKE) with mobile devices. If these keys are compromised, user session information could be leaked, posing a security risk to OT networks.
From the CVE database:
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under the default configuration, uses a set of non-unique cryptographic keys when establishing a secure connection (IKE) with the mobile devices connecting over the internet. If the set of keys is leaked or cracked, the user session information using the keys may be leaked.
https://www.cve.org/CVERecord?id=CVE-2024-22064