First published: Thu Oct 26 2023(Updated: )
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.
Credit: product-security@silabs.com
Affected Software | Affected Version | How to fix |
---|---|---|
Silabs Openthread Sdk | <=2.3.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-41095 is critical with a CVSS score of 9.1.
CVE-2023-41095 is a Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) that allows potential modification or extraction of network credentials stored in flash.
Silicon Labs OpenThread SDK version 2.3.1 and earlier are affected by CVE-2023-41095.
To fix CVE-2023-41095, it is recommended to update to a version of Silicon Labs OpenThread SDK that is not affected by the vulnerability.
More information about CVE-2023-41095 can be found at the following reference: [CVE-2023-41095 Reference](https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1)