CVE-2023-5310 - OpenCVE

A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Silabs	Z-wave Long Range 700 Z-wave Long Range 800 Z-wave Software Development Kit

Configuration 1 [-]

AND

OR	cpe:2.3:h:silabs:z-wave_long_range_700:-:::::::*
	cpe:2.3:h:silabs:z-wave_long_range_800:-:::::::*

cpe:2.3:a:silabs:z-wave_software_development_kit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/SiliconLabs/gecko_sdk/releases
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1

History

No history.

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2023-12-15T16:05:15.120Z

Updated: 2024-08-02T07:52:08.559Z

Reserved: 2023-09-29T18:44:41.563Z

Link: CVE-2023-5310

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-15T16:15:46.117

Modified: 2023-12-21T18:02:21.913

Link: CVE-2023-5310

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5310", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2023-09-29T18:44:41.563Z", "datePublished": "2023-12-15T16:05:15.120Z", "dateUpdated": "2024-08-02T07:52:08.559Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Gecko SDK", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "7.20.3", "status": "affected", "version": "0", "versionType": "LessThan"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.</span>\n\n"}], "value": "\nA denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.\n\n"}], "impacts": [{"capecId": "CAPEC-601", "descriptions": [{"lang": "en", "value": "CAPEC-601 Jamming"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2023-12-15T16:05:15.120Z"}, "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk/releases"}, {"tags": ["vendor-advisory"], "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1"}], "source": {"discovery": "UNKNOWN"}, "title": "Z-Wave Denial of Service caused by Stream of Packets ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.559Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk/releases", "tags": ["x_transferred"]}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:silabs:z-wave_long_range_700:-:*:*:*:*:*:*:*", "matchCriteriaId": "82CF7F87-FBE0-4173-ADA7-BC187486D2A9", "vulnerable": false}, {"criteria": "cpe:2.3:h:silabs:z-wave_long_range_800:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CB5B24F-84B1-4738-B9CA-8D1D5EF192F7", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:z-wave_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "501E0DD5-542E-4338-B10A-8DC9DA158F56", "versionEndIncluding": "7.20.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nA denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en todos los controladores y dispositivos de endpoint Z-Wave de Silicon Labs que ejecutan Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) y versiones anteriores. Este ataque solo puede ser llevado a cabo por dispositivos en la red que env\u00edan un flujo de paquetes al dispositivo."}], "id": "CVE-2023-5310", "lastModified": "2023-12-21T18:02:21.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "product-security@silabs.com", "type": "Secondary"}]}, "published": "2023-12-15T16:15:46.117", "references": [{"source": "product-security@silabs.com", "tags": ["Release Notes"], "url": "https://github.com/SiliconLabs/gecko_sdk/releases"}, {"source": "product-security@silabs.com", "tags": ["Permissions Required"], "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-754"}], "source": "product-security@silabs.com", "type": "Secondary"}]}