CVE-2024-4013 Vulnerability Details

CVE-2024-4013 Metadata Quick Info

CVE Published: 06/06/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: Silabs | Vendor: silabs.com | Product: Gecko SDK
Status: PUBLISHED

CVE-2024-4013 Description

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#.

Metrics

CVSS Version: 3.1 | Base Score: 5.6 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): HIGH
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): LOW
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-404
CWE Name: CWE-404 Improper Resource Shutdown or Release
Source: silabs.com

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-679
CAPEC Description: CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections


Source: NVD (National Vulnerability Database).