CVE-2021-37605

Опубликовано: 05 авг. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.

Ссылки

https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-readme.pdf
Vendor Advisory
https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf
Release Notes
Vendor Advisory
https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads
Vendor Advisory
https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability
Vendor Advisory
https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protocol
Vendor Advisory
https://www.microchip.com/product-change-notifications/#/
Vendor Advisory
https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-readme.pdf
Vendor Advisory
https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf
Release Notes
Vendor Advisory
https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads
Vendor Advisory
https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability
Vendor Advisory
https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protocol
Vendor Advisory
https://www.microchip.com/product-change-notifications/#/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microchip:miwi:6.5:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00466

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-670

Связанные уязвимости

GHSA-22wm-6r58-545p