CVE-2023-41095
Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.
This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.
Vulnerabilidad de falta de cifrado de claves de seguridad en Silicon Labs OpenThread SDK de 32 bits, ARM (módulos SecureVault High) permite una posible modificación o extracción de credenciales de red almacenadas en la memoria flash. Este problema afecta al SDK OpenThread de Silicon Labs: 2.3.1 y versiones anteriores.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-23 CVE Reserved
- 2023-10-26 CVE Published
- 2024-09-25 CVE Updated
- 2024-11-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-311: Missing Encryption of Sensitive Data
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
- CAPEC-458: Flash Memory Attacks
References (0)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Silabs Search vendor "Silabs" | Openthread Sdk Search vendor "Silabs" for product "Openthread Sdk" | <= 2.3.1.0 Search vendor "Silabs" for product "Openthread Sdk" and version " <= 2.3.1.0" | - |
Affected
| ||||||