CVE-2023-6324

Summary

ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity

Affected Software

VendorProductVersion RangeStatus
ThroughTekKalay SDK3.1.10.0 <= 3.1.10.16affected
ThroughTekKalay SDK3.2.0.0 <= 3.3.6.1affected
ThroughTekKalay SDK3.4.0.0 <= 3.4.7.3affected
ThroughTekKalay SDK4.0.0.0 <= 4.3.3.1affected

Weaknesses

  • CWE-457: CWE-457 Use of Uninitialized Variable

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References