CVE-2023-51392

Summary

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.

Affected Software

VendorProductVersion RangeStatus
silabs.comEmber ZNet SDK7.2.0 < 7.4.0affected

Weaknesses

  • CWE-1240: CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References