CVE-2020-9059

Опубликовано: 10 янв. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 6.1

EPSS Низкий

Описание

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.

Ссылки

https://doi.org/10.1109/ACCESS.2021.3138768
Broken Link
https://github.com/CNK2100/VFuzz-public
Third Party Advisory
https://ieeexplore.ieee.org/document/9663293
Broken Link
https://kb.cert.org/vuls/id/142629
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/142629
Third Party Advisory
US Government Resource
https://doi.org/10.1109/ACCESS.2021.3138768
Broken Link
https://github.com/CNK2100/VFuzz-public
Third Party Advisory
https://ieeexplore.ieee.org/document/9663293
Broken Link
https://kb.cert.org/vuls/id/142629
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/142629
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00148

Низкий

6.5 Medium

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-400

CWE-770

Связанные уязвимости

GHSA-v533-m73v-h37v