Buffer overflow in S0 Decryption on Z/IP Gatweay
CVE-2023-0972

9.6CRITICAL

Key Information:

Vendor: Silicon Labs
Status: Z/ip Gateway
Vendor: CVE Published:; 21 June 2023

🔔 Create Silicon Labs Vulnerability Alert

What is CVE-2023-0972?

A vulnerability exists in SiLabs Z/IP Gateway that allows an unauthenticated attacker within Z-Wave range to exploit a stack buffer overflow. This loophole can lead to arbitrary code execution, posing significant security risks as an attacker could potentially gain control of affected systems without authentication. It is crucial for users to remain vigilant and apply necessary patches or updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Z/IP Gateway 7.18.03

References

https://siliconlabs.lightning.force.com/sfc/servlet.sheph...

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2023
Vulnerability Reserved
Feb 22, 2023