CVE-2019-17520

The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.1 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.ti.com/tool/LAUNCHXL-CC2640R2	Product Vendor Advisory
https://asset-group.github.io/disclosures/sweyntooth/	Third Party Advisory
https://www.youtube.com/watch?v=Iw8sIBLWE_w	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ti:cc2640r2_software_development_kit:*:*:*:*:*:*:*:*

cpe:2.3:h:ti:cc2640r2:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-02-10 21:51

Updated : 2023-12-10 13:13

NVD link : CVE-2019-17520

Mitre link : CVE-2019-17520

CVE.ORG link : CVE-2019-17520

JSON object : View

Products Affected

ti

cc2640r2_software_development_kit
cc2640r2

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2019-17520", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-02-10T21:51:15.953", "references": [{"url": "http://www.ti.com/tool/LAUNCHXL-CC2640R2", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://asset-group.github.io/disclosures/sweyntooth/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets."}, {"lang": "es", "value": "La implementaci\u00f3n de Bluetooth Low Energy en el SDK de Texas Instruments versiones hasta el 3.30.00.20 para dispositivos CC2640R2, no restringe apropiadamente el paquete SM Public Key en la recepci\u00f3n, permitiendo a atacantes dentro del radio de alcance causar una denegaci\u00f3n de servicio (bloqueo) por medio de paquetes dise\u00f1ados."}], "lastModified": "2020-02-14T18:10:28.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ti:cc2640r2_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6A2A2B2-D516-44F6-A6DA-1D38B28ED10E", "versionEndIncluding": "3.30.00.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ti:cc2640r2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "889CA341-5C9A-4D2A-985A-EC9AA6E62486"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}