Lucene search

[email protected]NVD:CVE-2023-41095

HistoryOct 26, 2023 - 2:15 p.m.

CVE-2023-41095

2023-10-2614:15:08

CWE-312

CWE-311

[email protected]

web.nvd.nist.gov

encryption

security keys

vulnerability

silicon labs

openthread sdk

32 bit

arm

securevault high modules

modification

extraction

network credentials

flash

2.3.1

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

29.3%

JSON

Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.
This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.

Affected configurations

Nvd

Node

silabsopenthread_sdkRange≤2.3.1.0

VendorProductVersionCPE
silabsopenthread_sdk*cpe:2.3:a:silabs:openthread_sdk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silabs	openthread_sdk	*	cpe:2.3:a:silabs:openthread_sdk::::::::

References

siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

29.3%

JSON

Related for NVD:CVE-2023-41095

cvelist1 vulnrichment1 cve1 prion1