OpenCVE

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Silabs	Emberznet

Configuration 1 [-]

OR	cpe:2.3:a:silabs:emberznet::::::::
	cpe:2.3:a:silabs:emberznet::::::::

No data.

References

Link	Providers
https://community.silabs.com/0688Y00000aIPzL

History

Thu, 26 Sep 2024 21:45:00 +0000

Type	Values Removed	Values Added
Description	TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected	TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected
Weaknesses		CWE-940

Thu, 19 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2023-10-04T20:01:16.250Z

Updated: 2024-09-26T21:39:11.670Z

Reserved: 2023-08-23T04:17:16.169Z

Link: CVE-2023-41094

Vulnrichment

Updated: 2024-08-02T18:46:11.841Z

NVD

Status : Modified

Published: 2023-10-04T21:15:09.963

Modified: 2024-09-26T22:15:03.453

Link: CVE-2023-41094

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41094", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2023-08-23T04:17:16.169Z", "datePublished": "2023-10-04T20:01:16.250Z", "dateUpdated": "2024-09-26T21:39:11.670Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["TouchLink"], "platforms": ["32 bit", "ARM"], "product": "Ember ZNet", "repo": "https://github.com/SiliconLabs/gecko_sdk", "vendor": "Silicon Labs", "versions": [{"lessThanOrEqual": "7.1.5", "status": "affected", "version": "7.1.3", "versionType": "7.1.x"}, {"lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "7.2.x"}, {"status": "unaffected", "version": "7.3.0"}]}], "datePublic": "2023-09-22T20:32:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration</span>\n\n<p>This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected<br></p>"}], "value": "TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration\n\nThis issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected"}], "impacts": [{"capecId": "CAPEC-629", "descriptions": [{"lang": "en", "value": "CAPEC-629 Unauthorized Use of Device Resources"}]}, {"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-940", "description": "CWE-940 Improper Verification of Source of a Communication Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-26T21:39:11.670Z"}, "references": [{"url": "https://community.silabs.com/0688Y00000aIPzL"}], "source": {"advisory": "https://community.silabs.com/0688Y00000aIPzL", "discovery": "INTERNAL"}, "title": "Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.841Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.silabs.com/0688Y00000aIPzL", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-19T19:10:01.864508Z", "id": "CVE-2023-41094", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T19:11:31.483Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.silabs.com/0688Y00000aIPzL", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.841Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41094", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-19T19:10:01.864508Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T19:11:08.299Z"}}], "cna": {"title": "Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet", "source": {"advisory": "https://community.silabs.com/0688Y00000aIPzL", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-629", "descriptions": [{"lang": "en", "value": "CAPEC-629 Unauthorized Use of Device Resources"}]}, {"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/SiliconLabs/gecko_sdk", "vendor": "Silicon Labs", "modules": ["TouchLink"], "product": "Ember ZNet", "versions": [{"status": "affected", "version": "7.1.3", "versionType": "7.1.x", "lessThanOrEqual": "7.1.5"}, {"status": "affected", "version": "7.2.0", "versionType": "7.2.x", "lessThanOrEqual": "7.2.3"}, {"status": "unaffected", "version": "7.3.0"}], "platforms": ["32 bit", "ARM"], "defaultStatus": "unaffected"}], "datePublic": "2023-09-22T20:32:00.000Z", "references": [{"url": "https://community.silabs.com/0688Y00000aIPzL"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration\n\nThis issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration</span>\n\n<p>This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected<br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-940", "description": "CWE-940 Improper Verification of Source of a Communication Channel"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-26T21:39:11.670Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41094", "state": "PUBLISHED", "dateUpdated": "2024-09-26T21:39:11.670Z", "dateReserved": "2023-08-23T04:17:16.169Z", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "datePublished": "2023-10-04T20:01:16.250Z", "assignerShortName": "Silabs"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA8DEDFD-4DFD-4D09-A139-2184F9BB747F", "versionEndIncluding": "7.1.5", "versionStartIncluding": "7.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*", "matchCriteriaId": "86784D6A-6C2A-4F5F-8D06-5E0749775A8E", "versionEndIncluding": "7.2.3", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration\n\nThis issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected"}, {"lang": "es", "value": "Los paquetes TouchLink procesados despu\u00e9s del tiempo de espera o fuera del alcance debido a la operaci\u00f3n de un recurso despu\u00e9s de la caducidad y la falta de liberaci\u00f3n del recurso despu\u00e9s de la vida \u00fatil efectiva pueden permitir que se agregue un dispositivo fuera del alcance v\u00e1lido de TouchLink o de la duraci\u00f3n del emparejamiento. Este problema afecta a Ember ZNet 7.1.x desde 7.1 .3 a 7.1.5; 7.2.x desde 7.2.0 hasta 7.2.3; La versi\u00f3n 7.3 y posteriores no se ven afectadas"}], "id": "CVE-2023-41094", "lastModified": "2024-09-26T22:15:03.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "product-security@silabs.com", "type": "Secondary"}]}, "published": "2023-10-04T21:15:09.963", "references": [{"source": "product-security@silabs.com", "tags": ["Permissions Required"], "url": "https://community.silabs.com/0688Y00000aIPzL"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-672"}, {"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-940"}], "source": "product-security@silabs.com", "type": "Secondary"}]}