CVE-2023-51392 MEDIUM

CVE-2023-51392: Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM

Vendor Silabs.com
Product Ember ZNet SDK
Weakness CWE-1240
Published February 23, 2024
Last update April 22, 2025

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.

Key dates

02Disclosure timeline

February 23, 2024 CVE published
April 22, 2025 Record updated