cvelistv5 - CVE-2020-9059

CVE-2020-9059 (GCVE-0-2020-9059)

Vulnerability from cvelistv5 – Published: 2022-01-07 04:30 – Updated: 2024-09-16 19:25

Summary

Severity ?

No CVSS data available.

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

certcc

References

URL

Tags

	https://kb.cert.org/vuls/id/142629	third-party-advisoryx_refsource_CERT-VN
	https://ieeexplore.ieee.org/document/9663293	x_refsource_MISC
	https://github.com/CNK2100/VFuzz-public	x_refsource_MISC
	https://doi.org/10.1109/ACCESS.2021.3138768	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/142629	third-party-advisoryx_refsource_CERT-VN

Impacted products

Vendor

Product

Version

Affected: 3.42

Affected: all

Credits

Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:19:19.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://kb.cert.org/vuls/id/142629"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ieeexplore.ieee.org/document/9663293"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/CNK2100/VFuzz-public"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
          },
          {
            "name": "VU#142629",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/142629"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BE468",
          "vendor": "Schlage",
          "versions": [
            {
              "status": "affected",
              "version": "3.42"
            }
          ]
        },
        {
          "product": "500 series",
          "vendor": "Silicon Labs",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
        }
      ],
      "datePublic": "2021-12-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-07T23:06:13",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://kb.cert.org/vuls/id/142629"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ieeexplore.ieee.org/document/9663293"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/CNK2100/VFuzz-public"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
        },
        {
          "name": "VU#142629",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/142629"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
          "ID": "CVE-2020-9059",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BE468",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "3.42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schlage"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "500 series",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "all"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Silicon Labs"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400 Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.cert.org/vuls/id/142629",
              "refsource": "CERT-VN",
              "url": "https://kb.cert.org/vuls/id/142629"
            },
            {
              "name": "https://ieeexplore.ieee.org/document/9663293",
              "refsource": "MISC",
              "url": "https://ieeexplore.ieee.org/document/9663293"
            },
            {
              "name": "https://github.com/CNK2100/VFuzz-public",
              "refsource": "MISC",
              "url": "https://github.com/CNK2100/VFuzz-public"
            },
            {
              "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
              "refsource": "MISC",
              "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
            },
            {
              "name": "VU#142629",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/142629"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2020-9059",
    "datePublished": "2022-01-07T04:30:26.522128Z",
    "dateReserved": "2020-02-18T00:00:00",
    "dateUpdated": "2024-09-16T19:25:18.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92760285-A1DD-4569-AD71-834BBF2D9E64\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D07734B8-CA19-4F62-A0AF-1DB87FCBA667\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.\"}, {\"lang\": \"es\", \"value\": \"Los dispositivos Z-Wave basados en los conjuntos de chips de la serie 500 de Silicon Labs que usan la autenticaci\\u00f3n S0 son susceptibles a un consumo de recursos no controlados, conllevando a un agotamiento de la bater\\u00eda. Como ejemplo, la cerradura de puerta Schlage BE468 versi\\u00f3n 3.42 es vulnerable y falla al abrirse con un nivel bajo de bater\\u00eda\"}]",
      "id": "CVE-2020-9059",
      "lastModified": "2024-11-21T05:39:55.950",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 6.1, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.5, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-01-10T14:10:16.303",
      "references": "[{\"url\": \"https://doi.org/10.1109/ACCESS.2021.3138768\", \"source\": \"cret@cert.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://github.com/CNK2100/VFuzz-public\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://ieeexplore.ieee.org/document/9663293\", \"source\": \"cret@cert.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://kb.cert.org/vuls/id/142629\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/142629\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://doi.org/10.1109/ACCESS.2021.3138768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://github.com/CNK2100/VFuzz-public\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://ieeexplore.ieee.org/document/9663293\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://kb.cert.org/vuls/id/142629\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/142629\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-9059\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2022-01-10T14:10:16.303\",\"lastModified\":\"2024-11-21T05:39:55.950\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.\"},{\"lang\":\"es\",\"value\":\"Los dispositivos Z-Wave basados en los conjuntos de chips de la serie 500 de Silicon Labs que usan la autenticaci\u00f3n S0 son susceptibles a un consumo de recursos no controlados, conllevando a un agotamiento de la bater\u00eda. Como ejemplo, la cerradura de puerta Schlage BE468 versi\u00f3n 3.42 es vulnerable y falla al abrirse con un nivel bajo de bater\u00eda\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":6.1,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92760285-A1DD-4569-AD71-834BBF2D9E64\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07734B8-CA19-4F62-A0AF-1DB87FCBA667\"}]}]}],\"references\":[{\"url\":\"https://doi.org/10.1109/ACCESS.2021.3138768\",\"source\":\"cret@cert.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/CNK2100/VFuzz-public\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://ieeexplore.ieee.org/document/9663293\",\"source\":\"cret@cert.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://kb.cert.org/vuls/id/142629\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/142629\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://doi.org/10.1109/ACCESS.2021.3138768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/CNK2100/VFuzz-public\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://ieeexplore.ieee.org/document/9663293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://kb.cert.org/vuls/id/142629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/142629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

GSD-2020-9059

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-9059

Aliases

CVE-2020-9059

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9059",
    "description": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.",
    "id": "GSD-2020-9059"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9059"
      ],
      "details": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.",
      "id": "GSD-2020-9059",
      "modified": "2023-12-13T01:21:52.785425Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
        "ID": "CVE-2020-9059",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BE468",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "3.42"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schlage"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "500 series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Silicon Labs"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-400 Uncontrolled Resource Consumption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.cert.org/vuls/id/142629",
            "refsource": "CERT-VN",
            "url": "https://kb.cert.org/vuls/id/142629"
          },
          {
            "name": "https://ieeexplore.ieee.org/document/9663293",
            "refsource": "MISC",
            "url": "https://ieeexplore.ieee.org/document/9663293"
          },
          {
            "name": "https://github.com/CNK2100/VFuzz-public",
            "refsource": "MISC",
            "url": "https://github.com/CNK2100/VFuzz-public"
          },
          {
            "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
            "refsource": "MISC",
            "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
          },
          {
            "name": "VU#142629",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/142629"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2020-9059"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-770"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/CNK2100/VFuzz-public",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/CNK2100/VFuzz-public"
            },
            {
              "name": "https://kb.cert.org/vuls/id/142629",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://kb.cert.org/vuls/id/142629"
            },
            {
              "name": "https://ieeexplore.ieee.org/document/9663293",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "https://ieeexplore.ieee.org/document/9663293"
            },
            {
              "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
            },
            {
              "name": "VU#142629",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/142629"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-09-20T17:16Z",
      "publishedDate": "2022-01-10T14:10Z"
    }
  }
}

GHSA-V533-M73V-H37V

Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2022-09-21 00:00

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "MODERATE"
  },
  "details": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.",
  "id": "GHSA-v533-m73v-h37v",
  "modified": "2022-09-21T00:00:40Z",
  "published": "2022-01-11T00:01:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9059"
    },
    {
      "type": "WEB",
      "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CNK2100/VFuzz-public"
    },
    {
      "type": "WEB",
      "url": "https://ieeexplore.ieee.org/document/9663293"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/142629"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/142629"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-202201-0275

Vulnerability from variot - Updated: 2023-12-18 12:34

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Some of these vulnerabilities are inherent in Z-Wave protocol specifications.CVE-2020-10137 Unknown CVE-2020-9057 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. CVE-2020-9058 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 can encrypt application data. CVE-2020-9059 Affected Vendor Statement: This is a known weakness with S0 security. CVE-2020-9060 Affected Vendor Statement: This is a known weakness with S2 security. CVE-2020-9061 Affected Vendor Statement: This is a known weakness with S0 and S2 security.CVE-2020-10137 Unknown CVE-2020-9057 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. CVE-2020-9058 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 can encrypt application data. CVE-2020-9059 Affected Vendor Statement: This is a known weakness with S0 security. CVE-2020-9060 Affected Vendor Statement: This is a known weakness with S2 security. CVE-2020-9061 Affected Vendor Statement: This is a known weakness with S0 and S2 security

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0275",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "be468",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schlage",
        "version": "3.42"
      },
      {
        "model": "500 series",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "silabs",
        "version": "*"
      },
      {
        "model": "500 \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "silicon",
        "version": null
      },
      {
        "model": "be468",
        "scope": null,
        "trust": 0.8,
        "vendor": "schlage",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017816"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9059"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9059"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This document was written by Timur Snoke and Art Manion.Statement Date:\u00a0\u00a0 June 30, 2020",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#142629"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-9059",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-9059",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-187184",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-9059",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-9059",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202201-579",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-187184",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017816"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-579"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Some of these vulnerabilities are inherent in Z-Wave protocol specifications.CVE-2020-10137 Unknown\nCVE-2020-9057 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. \nCVE-2020-9058 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic.  S0 and S2 can encrypt application data. \nCVE-2020-9059 Affected\nVendor Statement:\nThis is a known weakness with S0 security. \nCVE-2020-9060 Affected\nVendor Statement:\nThis is a known weakness with S2 security. \nCVE-2020-9061 Affected\nVendor Statement:\nThis is a known weakness with S0 and S2 security.CVE-2020-10137 Unknown\nCVE-2020-9057 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. \nCVE-2020-9058 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic.  S0 and S2 can encrypt application data. \nCVE-2020-9059 Affected\nVendor Statement:\nThis is a known weakness with S0 security. \nCVE-2020-9060 Affected\nVendor Statement:\nThis is a known weakness with S2 security. \nCVE-2020-9061 Affected\nVendor Statement:\nThis is a known weakness with S0 and S2 security",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9059"
      },
      {
        "db": "CERT/CC",
        "id": "VU#142629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017816"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187184"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9059",
        "trust": 4.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#142629",
        "trust": 3.3
      },
      {
        "db": "JVN",
        "id": "JVNVU94598199",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017816",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-579",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-187184",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9059",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#142629"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187184"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017816"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-579"
      }
    ]
  },
  "id": "VAR-202201-0275",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187184"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:34:41.692000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top\u00a0Page Silicon\u00a0Labs,\u00a0Inc.Silicon\u00a0Labs,\u00a0Inc.",
        "trust": 0.8,
        "url": "https://www.schlage.com/en/home.html"
      },
      {
        "title": "Silicon Labs Z-Wave Chipsets Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178622"
      },
      {
        "title": "VFuzz-public",
        "trust": 0.1,
        "url": "https://github.com/cnk2100/vfuzz-public "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-9059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-579"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.1
      },
      {
        "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-400",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017816"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9059"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://github.com/cnk2100/vfuzz-public"
      },
      {
        "trust": 2.5,
        "url": "https://kb.cert.org/vuls/id/142629"
      },
      {
        "trust": 2.5,
        "url": "https://ieeexplore.ieee.org/document/9663293"
      },
      {
        "trust": 1.7,
        "url": "https://www.kb.cert.org/vuls/id/142629"
      },
      {
        "trust": 1.7,
        "url": "https://doi.org/10.1109/access.2021.3138768"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9059"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94598199/index.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187184"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017816"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-579"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#142629"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187184"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017816"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-579"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#142629"
      },
      {
        "date": "2022-01-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187184"
      },
      {
        "date": "2023-02-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-017816"
      },
      {
        "date": "2022-01-10T14:10:16.303000",
        "db": "NVD",
        "id": "CVE-2020-9059"
      },
      {
        "date": "2022-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-579"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#142629"
      },
      {
        "date": "2022-09-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187184"
      },
      {
        "date": "2023-02-10T08:29:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-017816"
      },
      {
        "date": "2022-09-20T17:16:54.653000",
        "db": "NVD",
        "id": "CVE-2020-9059"
      },
      {
        "date": "2022-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-579"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-579"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Silicon Labs Z-Wave chipsets contain multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#142629"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-579"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2020-9059

Vulnerability from fkie_nvd - Published: 2022-01-10 14:10 - Updated: 2024-11-21 05:39

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cret@cert.org	https://doi.org/10.1109/ACCESS.2021.3138768	Broken Link
cret@cert.org	https://github.com/CNK2100/VFuzz-public	Third Party Advisory
cret@cert.org	https://ieeexplore.ieee.org/document/9663293	Broken Link
cret@cert.org	https://kb.cert.org/vuls/id/142629	Third Party Advisory, US Government Resource
cret@cert.org	https://www.kb.cert.org/vuls/id/142629	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://doi.org/10.1109/ACCESS.2021.3138768	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://github.com/CNK2100/VFuzz-public	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ieeexplore.ieee.org/document/9663293	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://kb.cert.org/vuls/id/142629	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/142629	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	silabs	500_series_firmware	*
	schlage	be468	3.42

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92760285-A1DD-4569-AD71-834BBF2D9E64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "D07734B8-CA19-4F62-A0AF-1DB87FCBA667",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Z-Wave basados en los conjuntos de chips de la serie 500 de Silicon Labs que usan la autenticaci\u00f3n S0 son susceptibles a un consumo de recursos no controlados, conllevando a un agotamiento de la bater\u00eda. Como ejemplo, la cerradura de puerta Schlage BE468 versi\u00f3n 3.42 es vulnerable y falla al abrirse con un nivel bajo de bater\u00eda"
    }
  ],
  "id": "CVE-2020-9059",
  "lastModified": "2024-11-21T05:39:55.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-10T14:10:16.303",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/CNK2100/VFuzz-public"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://ieeexplore.ieee.org/document/9663293"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://kb.cert.org/vuls/id/142629"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/142629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/CNK2100/VFuzz-public"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://ieeexplore.ieee.org/document/9663293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://kb.cert.org/vuls/id/142629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/142629"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-9059 (GCVE-0-2020-9059)

GSD-2020-9059

GHSA-V533-M73V-H37V

VAR-202201-0275

FKIE_CVE-2020-9059

Tags

Sightings

Nomenclature