CVE-2023-4489

Summary

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.

Affected Software

VendorProductVersion RangeStatus
silabs.comZ/IP Gateway SDK0 <= 7.18.3affected

Weaknesses

  • CWE-1279: CWE-1279 Cryptographic Operations are run Before Supporting Units are Ready

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References