Jan 10, 2022 - 2:10 p.m.

CVE-2020-9060

2022-01-10 14:10:16
CWE-400, CWE-346
web.nvd.nist.gov
Tags: cve-2020-9060, z-wave, silicon labs, 500 series, dos, resource exhaustion, vulnerability, nvd

CVSS2: 6.1 Medium
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS3: 6.5 Medium
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.9 Medium
Confidence: High

EPSS: 0.001 Low
Percentile: 39.6%

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

Affected configurations

NVD
Node: silabs 500_series_firmware
Node:
  aeotec zw090-a, Match 3.95
  OR fibaro fgwpb-111, Match 4.3
  OR zooz zen20, Match 5.03
  OR zooz zen25, Match 5.03
  OR zooz zst10, Match 6.04

CNA Affected

[
  {
    "product": "ZEN25",
    "vendor": "ZooZ",
    "versions": [
      {
        "status": "affected",
        "version": "5.03"
      }
    ]
  },
  {
    "product": "ZEN20",
    "vendor": "ZooZ",
    "versions": [
      {
        "status": "affected",
        "version": "5.03"
      }
    ]
  },
  {
    "product": "ZST10",
    "vendor": "ZooZ",
    "versions": [
      {
        "status": "affected",
        "version": "6.04"
      }
    ]
  },
  {
    "product": "FGWPB-111",
    "vendor": "Fibaro",
    "versions": [
      {
        "status": "affected",
        "version": "4.3"
      }
    ]
  },
  {
    "product": "500 series",
    "vendor": "Silicon Labs",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "ZW090-A",
    "vendor": "Aeon Labs",
    "versions": [
      {
        "status": "affected",
        "version": "3.95"
      }
    ]
  }
]
