Lucene search

[email protected]CVE-2023-51395

HistoryMar 07, 2024 - 5:15 a.m.

CVE-2023-51395

2024-03-0705:15:53

CWE-119

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-51395

vulnerability

silicon labs

z-wave

end devices

unauthenticated attacker

arbitrary code execution

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

JSON

The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "packageName": "Z-Wave SDK",
    "platforms": [
      "ARM",
      "32 bit"
    ],
    "product": "Z-Wave SDK",
    "repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
    "vendor": "Silicon Labs",
    "versions": [
      {
        "status": "unaffected",
        "version": "7.20.0"
      },
      {
        "status": "unaffected",
        "version": "7.19.3"
      },
      {
        "status": "unaffected",
        "version": "7.18.8"
      },
      {
        "status": "unaffected",
        "version": "7.17.5"
      }
    ]
  }
]

References

community.silabs.com/068Vm0000029Xq5

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for CVE-2023-51395

prion2 cvelist2 nvd2 cve1