CVE-2024-3454

Published: Jul 24, 2024Modified: Nov 21, 2024

3.5

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.1 / Impact: 1.4

Source: NVD

Description

An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information.

Affected (1)

Products: Csa Iot: Matter

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Csa Iot Matter	All versions

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://www.bitdefender.com/support/security-advisories/in-fabric-matter-cluster-attribute-disclosure/

Source: cve-requests@bitdefender.com

Third Party Advisory

https://www.bitdefender.com/support/security-advisories/in-fabric-matter-cluster-attribute-disclosure/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.