CVE-2024-3454

EUVD-2024-32041
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 LOW
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
BitdefenderCNA
3.5 LOW
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
csa-iotmatter
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.bitdefender.com/support/security-advisories/in-fabric-matter-cluster-attribute-disclosure/
https://www.bitdefender.com/support/security-advisories/in-fabric-matter-cluster-attribute-disclosure/