Lucene search

[email protected]CVE-2023-41095

HistoryOct 26, 2023 - 2:15 p.m.

CVE-2023-41095

2023-10-2614:15:08

CWE-311

[email protected]

web.nvd.nist.gov

cve-2023-41095

missing encryption

security keys

silicon labs

openthread sdk

vulnerability

network credentials

32 bit arm

securevault high modules

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.
This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.

Affected configurations

NVD

Node

silabsopenthread_sdkRange≤2.3.1.0

CPENameOperatorVersion
silabs:openthread_sdksilabs openthread sdkle2.3.1.0

CPE	Name	Operator	Version
silabs:openthread_sdk	silabs openthread sdk	le	2.3.1.0

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "SecureVault High"
    ],
    "platforms": [
      "32 bit",
      "ARM"
    ],
    "product": "OpenThread SDK",
    "repo": "https://github.com/SiliconLabs/gecko_sdk",
    "vendor": "silabs.com",
    "versions": [
      {
        "status": "unaffected",
        "version": "2.3.2"
      }
    ]
  }
]

References

siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for CVE-2023-41095

prion1 nvd1 cvelist1