CVE-2020-13595

{"id": "CVE-2020-13595", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-08-31T15:15:10.680", "references": [{"url": "https://asset-group.github.io/cves.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://asset-group.github.io/disclosures/sweyntooth/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/espressif/esp32-bt-lib", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets."}, {"lang": "es", "value": "La implementaci\u00f3n del controlador Bluetooth Low Energy (BLE) en Espressif ESP-IDF versiones 4.0 hasta 4.2 (para dispositivos ESP32) devuelve el n\u00famero errado de paquetes BLE completados y desencadena una aserci\u00f3n alcanzable en la pila del host cuando est\u00e1 recibiendo un paquete con un fallo de MIC. Un atacante dentro del radio de alcance puede desencadenar silenciosamente la aserci\u00f3n (que deshabilita la pila BLE del objetivo) al enviar una secuencia de paquetes BLE dise\u00f1ada"}], "lastModified": "2020-09-08T21:09:33.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8034F36-3371-4111-AE71-573B85934B20", "versionEndIncluding": "4.2", "versionStartIncluding": "4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:espressif:esp32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1024B06-380B-4116-B7F9-A21A03534B0C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}