CVE-2023-41096

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:*

History

25 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-26 14:15

Updated : 2024-09-25 17:15

NVD link : CVE-2023-41096

Mitre link : CVE-2023-41096

CVE.ORG link : CVE-2023-41096

JSON object : View

Products Affected

silabs

emberznet_sdk

CWE

CWE-311

Missing Encryption of Sensitive Data

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2023-41096", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2023-10-26T14:15:08.720", "references": [{"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1", "tags": ["Permissions Required"], "source": "product-security@silabs.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}, {"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)\n allows potential modification or extraction of network credentials stored in flash.\n\n\nThis issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier."}, {"lang": "es", "value": "Vulnerabilidad de Falta de Cifrado de Claves de Seguridad en Silicon Labs Ember ZNet SDK de 32 bits, ARM (m\u00f3dulos SecureVault High) permite una posible modificaci\u00f3n o extracci\u00f3n de las credenciales de red almacenadas en la memoria flash. Este problema afecta a Silicon Labs Ember ZNet SDK: 7.3.1 y versiones anteriores."}], "lastModified": "2024-09-25T17:15:14.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B33DB8D2-920F-4929-9C3F-E50CB6E11489", "versionEndIncluding": "7.3.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@silabs.com"}