Lucene search

SilabsCVELIST:CVE-2023-41096

HistoryOct 26, 2023 - 1:10 p.m.

CVE-2023-41096 Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices

2023-10-2613:10:34

CWE-311

Silabs

www.cve.org

cve-2023-41096; keys stored in plaintext; missing encryption; security keys; silicon labs ember znet sdk; 32 bit arm; flash storage

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.2%

JSON

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)
allows potential modification or extraction of network credentials stored in flash.

This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "SecureVault High"
    ],
    "platforms": [
      "32 bit",
      "ARM"
    ],
    "product": "Ember ZNet SDK",
    "repo": "https://github.com/SiliconLabs/gecko_sdk",
    "vendor": "silabs.com",
    "versions": [
      {
        "status": "unaffected",
        "version": "7.3.2"
      }
    ]
  }
]

References

siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.2%

JSON

Related for CVELIST:CVE-2023-41096