{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-4013",
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "state": "PUBLISHED",
        "assignerShortName": "Silabs",
        "dateReserved": "2024-04-19T17:58:42.900Z",
        "datePublished": "2024-06-06T21:31:53.472Z",
        "dateUpdated": "2024-08-01T20:26:57.298Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "packageName": "GSDK",
                    "product": "Gecko SDK",
                    "repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
                    "vendor": "silabs.com",
                    "versions": [
                        {
                            "lessThanOrEqual": "2024.06.0",
                            "status": "affected",
                            "version": "3.1.0",
                            "versionType": "semver"
                        }
                    ]
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection \nList (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme \nwas changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#."
                        }
                    ],
                    "value": "A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection \nList (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme \nwas changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#."
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-679",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "HIGH",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "LOW",
                        "baseScore": 5.6,
                        "baseSeverity": "MEDIUM",
                        "confidentialityImpact": "LOW",
                        "integrityImpact": "LOW",
                        "privilegesRequired": "NONE",
                        "scope": "UNCHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-404",
                            "description": "CWE-404 Improper Resource Shutdown or Release",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
                "shortName": "Silabs",
                "dateUpdated": "2024-06-06T21:31:53.472Z"
            },
            "references": [
                {
                    "tags": [
                        "vendor-advisory",
                        "permissions-required"
                    ],
                    "url": "https://community.silabs.com/068Vm000006rR53"
                },
                {
                    "tags": [
                        "product"
                    ],
                    "url": "https://github.com/SiliconLabs/gecko_sdk/releases"
                }
            ],
            "source": {
                "discovery": "UNKNOWN"
            },
            "title": "Failure to update BT Mesh Replay Protection List",
            "x_generator": {
                "engine": "Vulnogram 0.2.0"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-06-07T19:26:03.113833Z",
                                "id": "CVE-2024-4013",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-07T19:26:14.015Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-01T20:26:57.298Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "tags": [
                            "vendor-advisory",
                            "permissions-required",
                            "x_transferred"
                        ],
                        "url": "https://community.silabs.com/068Vm000006rR53"
                    },
                    {
                        "tags": [
                            "product",
                            "x_transferred"
                        ],
                        "url": "https://github.com/SiliconLabs/gecko_sdk/releases"
                    }
                ]
            }
        ]
    }
}