CVE-2022-46403

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://microchip.com	Product
https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM	Exploit Technical Description Third Party Advisory
https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG	Third Party Advisory
https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:microchip:bm78_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:bm78:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:microchip:bm83_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:bm83:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:microchip:rn4870_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:rn4870:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:microchip:rn4871_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:rn4871:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:microchip:bm70_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:bm70:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:microchip:bm71_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:bm71:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:microchip:pic_lightblue_explorer_demo_firmware:4.2_dt100112:*:*:*:*:*:*:*

cpe:2.3:h:microchip:pic_lightblue_explorer_demo:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:microchip:is1871_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:is1871:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:microchip:is1870_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:is1870:-:*:*:*:*:*:*:*

History

27 Dec 2022, 20:00

Type	Values Removed	Values Added
References	~~(CONFIRM) https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le -~~	(CONFIRM) https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le - Vendor Advisory
References	~~(MISC) https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG -~~	(MISC) https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG - Third Party Advisory
References	~~(MISC) https://microchip.com -~~	(MISC) https://microchip.com - Product
References	~~(MISC) https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM -~~	(MISC) https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM - Exploit, Technical Description, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.6
First Time		Microchip bm71 Microchip rn4870 Microchip bm83 Firmware Microchip pic Lightblue Explorer Demo Microchip bm70 Microchip bm83 Microchip bm70 Firmware Microchip rn4870 Firmware Microchip rn4871 Firmware Microchip is1871 Microchip pic Lightblue Explorer Demo Firmware Microchip is1870 Firmware Microchip bm78 Firmware Microchip bm71 Firmware Microchip bm78 Microchip is1871 Firmware Microchip is1870 Microchip rn4871 Microchip
CPE		cpe:2.3:h:microchip:is1871:-:::::::* cpe:2.3:h:microchip:rn4871:-:::::::* cpe:2.3:o:microchip:bm71_firmware:1.43:::::::* cpe:2.3:o:microchip:is1870_firmware:1.43:::::::* cpe:2.3:h:microchip:is1870:-:::::::* cpe:2.3:h:microchip:rn4870:-:::::::* cpe:2.3:h:microchip:bm78:-:::::::* cpe:2.3:o:microchip:rn4870_firmware:1.43:::::::* cpe:2.3:o:microchip:is1871_firmware:1.43:::::::* cpe:2.3:h:microchip:pic_lightblue_explorer_demo:-:::::::* cpe:2.3:h:microchip:bm70:-:::::::* cpe:2.3:h:microchip:bm71:-:::::::* cpe:2.3:o:microchip:bm70_firmware:1.43:::::::* cpe:2.3:o:microchip:rn4871_firmware:1.43:::::::* cpe:2.3:o:microchip:bm83_firmware:1.43:::::::* cpe:2.3:o:microchip:pic_lightblue_explorer_demo_firmware:4.2_dt100112:::::::* cpe:2.3:o:microchip:bm78_firmware:1.43:::::::* cpe:2.3:h:microchip:bm83:-:::::::*
CWE		NVD-CWE-noinfo

19 Dec 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-19 23:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-46403

Mitre link : CVE-2022-46403

CVE.ORG link : CVE-2022-46403

JSON object : View

Products Affected

microchip

bm78_firmware
is1871
is1870_firmware
pic_lightblue_explorer_demo_firmware
pic_lightblue_explorer_demo
is1871_firmware
bm83
bm70_firmware
bm71_firmware
is1870
bm70
rn4870_firmware
rn4870
rn4871_firmware
bm83_firmware
rn4871
bm71
bm78

CWE

NVD-CWE-noinfo

8.6 /10