5.5

CVE-2023-2747

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.

Data provided by the National Vulnerability Database (NVD)
Silabs Gecko Software Development Kit Version >= 2.0.0 < 2.2.1
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.071
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
product-security@silabs.com 3.1 0.5 2.5 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-1204 Generation of Weak Initialization Vector (IV)

The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.