CVE-2023-41094

{"id": "CVE-2023-41094", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2023-10-04T21:15:09.963", "references": [{"url": "https://community.silabs.com/0688Y00000aIPzL", "tags": ["Permissions Required"], "source": "product-security@silabs.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-672"}, {"lang": "en", "value": "CWE-772"}]}, {"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-672"}, {"lang": "en", "value": "CWE-772"}]}], "descriptions": [{"lang": "en", "value": "\nTouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration\n\nThis issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected\n\n\n"}, {"lang": "es", "value": "Los paquetes TouchLink procesados despu\u00e9s del tiempo de espera o fuera del alcance debido a la operaci\u00f3n de un recurso despu\u00e9s de la caducidad y la falta de liberaci\u00f3n del recurso despu\u00e9s de la vida \u00fatil efectiva pueden permitir que se agregue un dispositivo fuera del alcance v\u00e1lido de TouchLink o de la duraci\u00f3n del emparejamiento. Este problema afecta a Ember ZNet 7.1.x desde 7.1 .3 a 7.1.5; 7.2.x desde 7.2.0 hasta 7.2.3; La versi\u00f3n 7.3 y posteriores no se ven afectadas"}], "lastModified": "2023-10-10T19:40:06.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA8DEDFD-4DFD-4D09-A139-2184F9BB747F", "versionEndIncluding": "7.1.5", "versionStartIncluding": "7.1.3"}, {"criteria": "cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86784D6A-6C2A-4F5F-8D06-5E0749775A8E", "versionEndIncluding": "7.2.3", "versionStartIncluding": "7.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@silabs.com"}