Lucene search

[email protected]NVD:CVE-2023-41096

HistoryOct 26, 2023 - 2:15 p.m.

CVE-2023-41096

2023-10-2614:15:08

CWE-312

CWE-311

[email protected]

web.nvd.nist.gov

cve-2023-41096

encryption

security keys

silicon labs

32 bit

arm

securevault high

modification

extraction

network credentials

flash

vulnerability

CVSS3

6.1

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

17.0%

JSON

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)
allows potential modification or extraction of network credentials stored in flash.

This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.

Affected configurations

Nvd

Node

silabsemberznet_sdkRange≤7.3.1.0

VendorProductVersionCPE
silabsemberznet_sdk*cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silabs	emberznet_sdk	*	cpe:2.3:a:silabs:emberznet_sdk::::::::

References

siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1

CVSS3

6.1

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2023-41096

vulnrichment1 cvelist1 prion1 cve1