CVE-2023-4489
Published
Severity
CVSS v3: 9.8 CRITICAL
CVSS v2: N/A
Description
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.
References
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:silabs:z\/ip_gateway_sdk:*:*:*:*:*:*:*:* | n/a | 7.18.03 (including) | * |