Bela Genge

**Name of the Vulnerable Software and Affected Versions** Matter protocol versions prior to 1.1 **Description** The issue is related to the Certificate Authenticated Session Establishment (CASE) protocol, which is used for establishing secure sessions between two devices. It allows an attacker to replay manipulated CASE Sigma1 messages, making the device unresponsive until it is power-cycled. **Recommendations** For Matter protocol versions prior to 1.1, consider disabling the Certificate Authenticated Session Establishment (CASE) protocol until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the device until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** connectedhomeip SDK version 1.2 **Description** The issue is related to an implementation problem in the Connectivity Standards Alliance Matter 1.2 protocol. This allows a third party to disclose information about devices that are part of the same fabric, a process known as footprinting. The protocol is designed to prevent access to such information, but this issue undermines that protection. **Recommendations** For connectedhomeip SDK version 1.2, consider restricting access to the Matter protocol until a fix is available to prevent information disclosure about devices on the same fabric. At the moment, there is no information about a newer version that contains a fix for this vulnerability.