CVE-2024-3297

MEDIUM

Matter - Denial of Service via CASE Sigma1 Message Replay

Description

An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in Matter protocol versions before Matter 1.1, allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled.

Scores

CVSS v3 6.5
EPSS 0.0015
EPSS Percentile 4.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (1)
csa-iot/matter
Published Jul 24, 2024
Tracked Since Feb 18, 2026