The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.
References
Link | Resource |
---|---|
https://github.com/SiliconLabs/gecko_sdk | Third Party Advisory |
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000buWj0QAE?operationContext=S1 | Permissions Required |
Configurations
History
27 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. | |
CWE | CWE-1279 |
28 Dec 2023, 20:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:silabs:z\/ip_gateway_sdk:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 9.8 |
References | () https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000buWj0QAE?operationContext=S1 - Permissions Required | |
References | () https://github.com/SiliconLabs/gecko_sdk - Third Party Advisory | |
CWE | CWE-908 |
14 Dec 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-14 23:15
Updated : 2024-09-27 17:15
NVD link : CVE-2023-4489
Mitre link : CVE-2023-4489
CVE.ORG link : CVE-2023-4489
Products Affected
silabs
- z\/ip_gateway_sdk