History: Oct 26, 2023 - 1:10 p.m.

CVE-2023-41095 Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices

2023-10-26 13:10:11
CWE-312
Silabs
www.cve.org
Tags: cve-2023-41095, keys stored in plaintext, securevault high, silabs openthread, missing encryption, security keys, silicon labs, openthread sdk, 32 bit, arm, network credentials, flash, vulnerability, modification, extraction, 2.3.1

CVSS3: 6.8
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4
Confidence: High

EPSS: 0.001
Percentile: 29.3%

Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.
This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "SecureVault High"
    ],
    "platforms": [
      "32 bit",
      "ARM"
    ],
    "product": "OpenThread SDK",
    "repo": "https://github.com/SiliconLabs/gecko_sdk",
    "vendor": "silabs.com",
    "versions": [
      {
        "status": "unaffected",
        "version": "2.3.2"
      }
    ]
  }
]
