Silicon Labs Z-Wave SDK up to 7.17.4/7.18.7/7.19.2 on ARM32 buffer overflow
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.6 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in Silicon Labs Z-Wave SDK up to 7.17.4/7.18.7/7.19.2 on ARM32. It affects an unknown functionality. Manipulation can lead to a buffer overflow. The vulnerability is registered as CVE-2023-51395. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.
Details
A vulnerability classified as critical was found in Silicon Labs Z-Wave SDK up to 7.17.4/7.18.7/7.19.2 on ARM32. It affects an unknown functionality. Manipulation with an unknown input leads to a buffer overflow. The CWE definition for the vulnerability is CWE-120: the product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. The impact is known to affect confidentiality, integrity, and availability. CVE summarizes:
The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
The weakness was published on 03/07/2024. The advisory is available at community.silabs.com. The vulnerability has been named CVE-2023-51395 since 12/18/2023. The technical details are unknown and an exploit is not available.
Upgrading to version 7.17.5, 7.18.8, 7.19.3 or 7.20.0 eliminates this vulnerability.
CVSSv3
VulDB Meta Base Score: 8.8
VulDB Meta Temp Score: 8.6
VulDB Base Score: 8.8
VulDB Temp Score: 8.4
CNA Base Score: 8.8
Exploiting
Class: Buffer overflow
CWE: CWE-120 / CWE-119
Physical: No
Local: No
Remote: Partially
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: Z-Wave SDK 7.17.5/7.18.8/7.19.3/7.20.0
Timeline
12/18/2023
03/07/2024
03/07/2024
09/26/2024
Sources
Advisory: community.silabs.com
Status: Confirmed
CVE: CVE-2023-51395
GCVE (CVE): GCVE-0-2023-51395
GCVE (VulDB): GCVE-100-255970
Entry
Created: 03/07/2024 07:11
Updated: 09/26/2024 01:42
Changes: 03/07/2024 07:11 (50), 09/26/2024 01:42 (16)