Lucene search

[email protected]NVD:CVE-2020-9060

HistoryJan 10, 2022 - 2:10 p.m.

CVE-2020-9060

2022-01-1014:10:16

CWE-400

CWE-346

[email protected]

web.nvd.nist.gov

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

39.6%

JSON

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

Affected configurations

NVD

Node

silabs500_series_firmware

Node

aeoteczw090-aMatch3.95

fibarofgwpb-111Match4.3

zoozzen20Match5.03

zoozzen25Match5.03

zoozzst10Match6.04

References

doi.org/10.1109/ACCESS.2021.3138768

github.com/CNK2100/VFuzz-public

ieeexplore.ieee.org/document/9663293

kb.cert.org/vuls/id/142629

www.kb.cert.org/vuls/id/142629

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

39.6%

JSON

Related for NVD:CVE-2020-9060

cvelist1 cve1 prion1 cert1