Sign-up

ID

VAR-202307-2352


CVE

CVE-2023-2626


DESCRIPTION

There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. Effected devices have been mitigated through an automatic update beyond the affected range.

Trust: 1.0

sources: NVD: CVE-2023-2626

AFFECTED PRODUCTS

vendor:googlemodel:nest hub maxscope:ltversion:10.20221207.2.120

Trust: 1.0

vendor:googlemodel:nest hubscope:ltversion:10.20221207.2.100042

Trust: 1.0

vendor:googlemodel:wifiscope:ltversion:14150.882.9

Trust: 1.0

vendor:googlemodel:nest hubscope:gteversion:10.20221207.2.100038

Trust: 1.0

vendor:googlemodel:nest wifi 6escope:gteversion:1.59

Trust: 1.0

vendor:googlemodel:nest wifi pointscope:ltversion:1.56.368671

Trust: 1.0

vendor:googlemodel:nest wifi 6escope:ltversion:1.63.355999

Trust: 1.0

vendor:googlemodel:nest hub maxscope:gteversion:10.20221207.2.109

Trust: 1.0

vendor:googlemodel:wifiscope:gteversion:14150.881.7

Trust: 1.0

vendor:googlemodel:nest wifi pointscope:gteversion:1.56.1

Trust: 1.0

sources: NVD: CVE-2023-2626

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-2626
value: HIGH

Trust: 1.0

cve-coordination@google.com: CVE-2023-2626
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2023-2626
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve-coordination@google.com: CVE-2023-2626
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-2626 // NVD: CVE-2023-2626

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

sources: NVD: CVE-2023-2626

EXTERNAL IDS

db:NVDid:CVE-2023-2626

Trust: 1.0

sources: NVD: CVE-2023-2626

REFERENCES

url:https://support.google.com/product-documentation/answer/13588832?hl=en&ref_topic=12974021&sjid=7833436865896465963-na#zippy=%2cnest-wifi

Trust: 1.0

sources: NVD: CVE-2023-2626

SOURCES

db:NVDid:CVE-2023-2626

LAST UPDATE DATE

2024-08-14T15:05:33.196000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2023-2626date:2024-05-21T04:15:11.727

SOURCES RELEASE DATE

db:NVDid:CVE-2023-2626date:2023-07-25T18:15:10.690