CVE-2023-41095 MEDIUM

CVE-2023-41095: Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices

Weakness CWE-312 · Cleartext storage
Published October 26, 2023
Last update September 25, 2024

CVSS base score

6.8/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.

Key dates

02Disclosure timeline

October 26, 2023 CVE published
September 25, 2024 Record updated