CVSS 3.1 Score 7.5 of 10 (high)


Published Oct 10, 2023
Updated: Feb 15, 2024
CWE ID 732


CVE-2023-42189, also known as the Insecure Permissions vulnerability, affects multiple products including Connectivity Standards Alliance Matter Official SDK v., Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69. It allows a remote attacker to cause a denial of service through a crafted script to the KeySetRemove function. The vulnerability has a high severity rating with a base score of 7.5 and an exploitability score of 3.9 according to [email protected]'s analysis report for CVE-2023-42189 in CVSS version 3.1 format (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The potential danger it poses to organizations is classified as high due to its impact on availability and the lack of user interaction or privileges required for exploitation by an attacker over the network.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-42189 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options