GHSA-22wm-6r58-545p

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being being validated / updated prior to message authentication.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2021-37605
https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-readme.pdf
https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf
https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads
https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability
https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protocol
https://www.microchip.com/product-change-notifications/#

EPSS

Процентиль: 64%

0.00466

Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-37605

Дефекты

CWE-863

Связанные уязвимости

CVE-2021-37605

CVSS3: 7.5

nvd

около 4 лет назад

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.

EPSS

Процентиль: 64%

0.00466

Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-37605

Дефекты

CWE-863