CVE-2023-2747

EPSS 0.03%
Published 15.06.2023 20:15:09
Last modified 21.11.2024 07:59:13
Source product-security@silabs.com
Teams watchlist Login
Open Login

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Silabs ≫ Gecko Software Development Kit Version >= 2.0.0 < 2.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
product-security@silabs.com	3.1	0.5	2.5	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-1204 Generation of Weak Initialization Vector (IV)

The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://github.com/SiliconLabs/gecko_sdk

Product

https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-2747

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2747

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2747

EUVD