History: Nov 02, 2022 - 6:15 p.m.

CVE-2022-24936

2022-11-02 18:15:10
CWE-119
CWE-787
Silabs
web.nvd.nist.gov
cve-2022-24936
out-of-bounds error
gbl parser
silicon labs
gecko bootloader
flash sign key
ota decryption key
security vulnerability

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score: 9
Confidence: High

EPSS: 0.001
Percentile: 46.4%

An out-of-bounds error in the GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows an attacker to overwrite the flash Sign key and OTA decryption key via a malicious bootloader upgrade.

Affected configurations

Nvd

Node: silabs gecko_bootloader, Range: 4.0.1

Vendor   Product            Version   CPE
silabs   gecko_bootloader   *         cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Gecko Bootloader",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThanOrEqual": "4.0.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
