CVE-2020-9059
Last modified
CVE-2020-9059 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Silabs | 500 Series Firmware | All versions |
| Schlage | BE468 | 3.42 |
References
- https://doi.org/10.1109/ACCESS.2021.3138768 (Broken Link)
- https://github.com/CNK2100/VFuzz-public (Third Party Advisory)
- https://ieeexplore.ieee.org/document/9663293 (Broken Link)
- https://kb.cert.org/vuls/id/142629 (Third Party Advisory, US Government Resource)
- https://www.kb.cert.org/vuls/id/142629 (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
