Lucene search

SilabsCVELIST:CVE-2023-6874

HistoryFeb 05, 2024 - 5:39 p.m.

CVE-2023-6874 Zigbee Unauthenticated DoS via NWK Sequence number manipulation

2024-02-0517:39:43

CWE-754

Silabs

www.cve.org

cve-2023-6874

zigbee

denial of service

nwk sequence

ember znet

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "GSDK",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThan": "7.4.0",
        "status": "affected",
        "version": "0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.silabs.com/069Vm000000WXaOIAW

github.com/SiliconLabs/gecko_sdk

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVELIST:CVE-2023-6874