Lucene search

[email protected]CVE-2023-6874

HistoryFeb 05, 2024 - 6:15 p.m.

CVE-2023-6874

2024-02-0518:15:51

CWE-754

[email protected]

web.nvd.nist.gov

cve-2023-6874

ember znet

denial of service

nwk sequence number

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.1%

JSON

Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number

CPENameOperatorVersion
silabs:gecko_software_development_kitsilabs gecko software development kitlt4.4.0
silabs:gecko_software_development_kitsilabs gecko software development kiteq4.1.3
silabs:gecko_software_development_kitsilabs gecko software development kiteq2.0.1
silabs:gecko_software_development_kitsilabs gecko software development kiteq2.0.2
silabs:gecko_software_development_kitsilabs gecko software development kiteq4.1.0
silabs:gecko_software_development_kitsilabs gecko software development kiteq4.2.3
silabs:gecko_software_development_kitsilabs gecko software development kiteq2.2.0
silabs:gecko_software_development_kitsilabs gecko software development kiteq4.1.1
silabs:gecko_software_development_kitsilabs gecko software development kiteq2.1.2
silabs:gecko_software_development_kitsilabs gecko software development kiteq4.1.5

CPE	Name	Operator	Version
silabs:gecko_software_development_kit	silabs gecko software development kit	lt	4.4.0
silabs:gecko_software_development_kit	silabs gecko software development kit	eq	4.1.3
silabs:gecko_software_development_kit	silabs gecko software development kit	eq	2.0.1
silabs:gecko_software_development_kit	silabs gecko software development kit	eq	2.0.2
silabs:gecko_software_development_kit	silabs gecko software development kit	eq	4.1.0
silabs:gecko_software_development_kit	silabs gecko software development kit	eq	4.2.3
silabs:gecko_software_development_kit	silabs gecko software development kit	eq	2.2.0
silabs:gecko_software_development_kit	silabs gecko software development kit	eq	4.1.1
silabs:gecko_software_development_kit	silabs gecko software development kit	eq	2.1.2
silabs:gecko_software_development_kit	silabs gecko software development kit	eq	4.1.5

Rows per page:

1-10 of 291

References

community.silabs.com/069Vm000000WXaOIAW

github.com/SiliconLabs/gecko_sdk

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.1%

JSON

Related for CVE-2023-6874

cvelist1 osv1 prion1