CVE-2024-3454
In-Fabric Matter Cluster Attribute Disclosure
Severity Score
3.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information.
Un problema de implementación en el protocolo Connectivity Standards Alliance Matter 1.2, tal como se utiliza en el SDK de connecthomeip, permite a un tercero revelar información sobre dispositivos que forman parte del mismo tejido (footprinting), aunque el protocolo está diseñado para impedir el acceso a dicha información.
*Credits:
Bela Genge, Bitdefender
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-04-08 CVE Reserved
- 2024-07-24 CVE Published
- 2024-07-25 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-209: Generation of Error Message Containing Sensitive Information
CAPEC
- CAPEC-169: Footprinting
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.bitdefender.com/support/security-advisories/in-fabric-matter-cluster-attribute-disclosure | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Connectivity Standards Alliance Search vendor "Connectivity Standards Alliance" | Connectedhomeip Search vendor "Connectivity Standards Alliance" for product "Connectedhomeip" | 1.2.0.1 Search vendor "Connectivity Standards Alliance" for product "Connectedhomeip" and version "1.2.0.1" | en |
Affected
| ||||||