Lucene search

SilabsVULNRICHMENT:CVE-2023-41094

HistoryOct 04, 2023 - 8:01 p.m.

CVE-2023-41094 Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet

2023-10-0420:01:16

CWE-940

Silabs

github.com

cve-2023-41094

touchlink authentication bypass

ember znet

operation on a resource

missing release of resource

valid touchlink range

pairing duration

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration

This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected

References

community.silabs.com/0688Y00000aIPzL

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-41094