Back

In-Fabric Matter Cluster Attribute Disclosure

Publication date: July 24th, 2024


CVE ID:
CVE-2024-3454
CVSS scrore:
3.5 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected vendors:
Connectivity Standards Alliance
Affected products:
connectedhomeip
Vulnerability details:

An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information.

Credit:
Bela Genge, Bitdefender