CVE-2024-3297 Vulnerability Details

  /     /     /  

CVE-2024-3297 Metadata Quick Info

CVE Published: 24/07/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: Bitdefender | Vendor: Connectivity Standards Alliance | Product: Matter
Status : PUBLISHED

---

CVE-2024-3297 Description

An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled.

Metrics

CVSS Version: 3.1 | Base Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-400
CWE Name: CWE-400 Uncontrolled Resource Consumption
Source: Connectivity Standards Alliance

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-125
CAPEC Description: CAPEC-125 Flooding


Source: NVD (National Vulnerability Database).