CVE-2023-4489

SiliconLabs/gecko_sdk

on github

Published

December 14, 2023

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

N/A

Description

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.

References

https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000buWj0QAE?operationContext=S1
https://github.com/SiliconLabs/gecko_sdk

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:silabs:z\/ip_gateway_sdk::::::::	n/a	7.18.03 (including)	*

External Links

NVD - CVE-2023-4489