CVE-2023-41096 MEDIUM

CVE-2023-41096: Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices

Weakness CWE-312 · Cleartext storage
Published October 26, 2023
Last update September 25, 2024

CVSS base score

6.8/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.

Key dates

02Disclosure timeline

October 26, 2023 CVE published
September 25, 2024 Record updated