Nonce Reuse Vulnerability in RIOT-OS 802.15.4 Security Component
CVE-2021-41061

5.5MEDIUM

Key Information:

Vendor: Riot-os
Status: Riot
Vendor: CVE Published:; 15 September 2021

What is CVE-2021-41061?

In RIOT-OS version 2021.01, a vulnerability exists within the 802.15.4 encryption process due to nonce reuse in the ieee802154_security component. This flaw allows attackers to potentially exploit the system by triggering reboots, which could lead to the compromise of encrypted data. It is crucial for users of RIOT-OS to be aware of this issue and implement the necessary updates to mitigate related security risks.

References

https://github.com/RIOT-OS/RIOT/issues/16844

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2021
Vulnerability Reserved
Sep 13, 2021

Riot-os

What is CVE-2021-41061?

References

CVSS V3.1

Timeline