Vulnerabilities > CVE-2024-3297 - Unspecified vulnerability in Csa-Iot Matter

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

csa-iot

NVD

Published: 2024-07-24

Updated: 2024-09-10

Summary

An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled.

Vulnerable Configurations

Part	Description	Count
Application	Csa-Iot CSA IOT Matter -	1

References

https://www.bitdefender.com/support/security-advisories/session-establishment-lock-up-during-replay-of-case-sigma1-messages/