CVE-2023-41094
Published: 04 October 2023
Summary
CVE-2023-41094 is a critical-severity Improper Verification of Source of a Communication Channel (CWE-940) vulnerability in Silabs Emberznet. Its CVSS base score is 10.0 (Critical).
Operationally, ranked at the 23.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-45614
Vulnerability details
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration…
more
This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Enforces verification of the source of a communication channel by requiring identification and authentication of services first.
Ensures network resources are released once the session ends or becomes inactive, closing the window for missing-release weaknesses.
Requires explicit verification of the source and integrity of the channel used for authentication and other security functions.
Provides the means to verify the source of name-resolution responses instead of relying on unauthenticated channels.
Requires explicit verification of the communication source, blocking session hijacking via spoofed or alternate channels.