CVE-2020-9059

{"id": "CVE-2020-9059", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-01-10T14:10:16.303", "references": [{"url": "https://doi.org/10.1109/ACCESS.2021.3138768", "tags": ["Broken Link"], "source": "cret@cert.org"}, {"url": "https://github.com/CNK2100/VFuzz-public", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://ieeexplore.ieee.org/document/9663293", "tags": ["Broken Link"], "source": "cret@cert.org"}, {"url": "https://kb.cert.org/vuls/id/142629", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/142629", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "cret@cert.org", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."}, {"lang": "es", "value": "Los dispositivos Z-Wave basados en los conjuntos de chips de la serie 500 de Silicon Labs que usan la autenticaci\u00f3n S0 son susceptibles a un consumo de recursos no controlados, conllevando a un agotamiento de la bater\u00eda. Como ejemplo, la cerradura de puerta Schlage BE468 versi\u00f3n 3.42 es vulnerable y falla al abrirse con un nivel bajo de bater\u00eda"}], "lastModified": "2022-09-20T17:16:54.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92760285-A1DD-4569-AD71-834BBF2D9E64"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07734B8-CA19-4F62-A0AF-1DB87FCBA667"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}