CVE-2023-4489

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.
Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:z\/ip_gateway_sdk:*:*:*:*:*:*:*:*

History

27 Sep 2024, 17:15

Type Values Removed Values Added
Summary (en) The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. (en) The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.
CWE CWE-1279

28 Dec 2023, 20:26

Type Values Removed Values Added
CPE cpe:2.3:a:silabs:z\/ip_gateway_sdk:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000buWj0QAE?operationContext=S1 - () https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000buWj0QAE?operationContext=S1 - Permissions Required
References () https://github.com/SiliconLabs/gecko_sdk - () https://github.com/SiliconLabs/gecko_sdk - Third Party Advisory
CWE CWE-908

14 Dec 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-14 23:15

Updated : 2024-09-27 17:15


NVD link : CVE-2023-4489

Mitre link : CVE-2023-4489

CVE.ORG link : CVE-2023-4489


JSON object : View

Products Affected

silabs

  • z\/ip_gateway_sdk
CWE
CWE-908

Use of Uninitialized Resource

CWE-1279

Cryptographic Operations are run Before Supporting Units are Ready