CVSS 3.1 Score 7.8 of 10 (high)


Published Sep 21, 2023
Updated: Oct 16, 2023
CWE ID 321
CWE ID 798


CVE-2023-43637 is a vulnerability that affects multiple products, including szJMwP, szJMwO, szJMwN, and many others. The vulnerability is caused by a weak implementation of the "deriveVaultKey" function, which results in the generated vault key having predetermined weak bytes. This issue exists in devices that were initialized before version 7.10 and updated to a newer version. To remediate this vulnerability, an update needs to be rolled out that enforces the full 32-byte key usage. The potential danger of this vulnerability lies in the weakened security of the vault key, which could lead to unauthorized access and compromise of sensitive data stored on affected devices.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-43637 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options