CVE-2023-51392
23.02.2024, 17:15
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.Enginsight
| Vendor | Product | Version |
|---|---|---|
| silabs | emberznet | 7.2.0 ≤ 𝑥 ≤ 7.2.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1240 - Use of a Cryptographic Primitive with a Risky ImplementationTo fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.
- CWE-327 - Use of a Broken or Risky Cryptographic AlgorithmThe use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.