CVE-2023-4489
CVSS V2 None
CVSS V3 None
Description
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.
Overview
- CVE ID
- CVE-2023-4489
- Assigner
- Silabs
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-12-14T23:00:29.693Z
- Last Modified Date
- 2023-12-14T23:00:38.921Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000buWj0QAE?operationContext=S1 | vendor-advisory |
| https://github.com/SiliconLabs/gecko_sdk |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-4489 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4489 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 19:43:59 | Added to TrackCVE |