PT-2024-25959 · Unknown · Connectedhomeip Sdk
Bela Genge · Published 2024-07-24 · Updated 2024-09-10
CVE-2024-3454
CVSS v3.1: 3.5 (Low)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
connectedhomeip SDK version 1.2
Description
The issue is an implementation problem in the Connectivity Standards Alliance Matter 1.2 protocol. It allows a third party to obtain information about devices that are part of the same fabric, a process known as footprinting. The protocol is designed to prevent access to such information, but this issue undermines that protection.
Recommendations
To prevent information disclosure about devices on the same fabric, consider restricting access to the Matter protocol on connectedhomeip SDK version 1.2 until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Generation of Error Message Containing Sensitive Information
Related Identifiers
Affected Products
Connectedhomeip Sdk