5.5
CVE-2023-2747
- EPSS 0.04%
- Veröffentlicht 15.06.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 07:59:13
- Quelle product-security@silabs.com
- CVE-Watchlists
- Unerledigt
LoginUninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Silabs ≫ Gecko Software Development Kit Version >= 2.0.0 < 2.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.108 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| product-security@silabs.com | 3.1 | 0.5 | 2.5 |
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-1204 Generation of Weak Initialization Vector (IV)
The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.