CVE-2024-3454 LOW

CVE-2024-3454: In-Fabric Matter Cluster Attribute Disclosure

Vendor Connectivity Standards Alliance
Product connectedhomeip
Weakness CWE-209 · Error message info leak
Published July 24, 2024
Last update August 1, 2024

CVSS base score

3.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information.

Key dates

02Disclosure timeline

July 24, 2024 CVE published
August 1, 2024 Record updated