Lucene search
ZephyrCVE-2023-4258HistorySep 25, 2023 - 10:15 p.m.
CVE-2023-4258
2023-09-2522:15:11
CWE-684
zephyr
web.nvd.nist.gov
78
cve-2023-4258
bluetooth
mesh
provisionee
public key
oob
provisioning
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
0.001
Percentile
20.7%
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
Affected configurations
Node
zephyrprojectzephyrRange<3.4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zephyrproject | zephyr | * | cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "1.14",
"versionType": "git"
}
]
}
]Related
cvelist
cvelist
prion
prion
Information disclosure
2023-09-25 22:15:00
veracode
veracode
Improper Provisioning
2023-10-09 05:04:54
nvd
nvd
CVE-2023-4258
2023-09-25 22:15:11
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
0.001
Percentile
20.7%
Related for CVE-2023-4258