FKIE_CVE-2021-31785

Vulnerability from fkie_nvd - Published: 2021-09-07 07:15 - Updated: 2024-11-21 06:06
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication.
References
cve@mitre.orghttps://dl.packetstormsecurity.net/papers/general/braktooth.pdfTechnical Description, Third Party Advisory
cve@mitre.orghttps://launchstudio.bluetooth.com/ListingDetails/76427Third Party Advisory
cve@mitre.orghttps://www.actions-semi.com/index.php?id=3581&siteId=4Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://dl.packetstormsecurity.net/papers/general/braktooth.pdfTechnical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://launchstudio.bluetooth.com/ListingDetails/76427Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.actions-semi.com/index.php?id=3581&siteId=4Broken Link, Vendor Advisory
Impacted products
Vendor Product Version
actions-semi ats2819p_firmware -
actions-semi ats2819p -
actions-semi ats2815_firmware -
actions-semi ats2815 -
actions-semi ats2819_firmware -
actions-semi ats2819 -
actions-semi ats2819s_firmware -
actions-semi ats2819s -
actions-semi ats2819t_firmware -
actions-semi ats2819t -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:actions-semi:ats2819p_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B034D11B-2F14-4283-8E99-27A9D7381CCE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:actions-semi:ats2819p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4590A4D-CA4A-467B-9A0C-DDBAF32576D4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:actions-semi:ats2815_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F959F1E4-A733-4454-8FC0-4A567946E582",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:actions-semi:ats2815:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23646581-74EE-4C65-8BC8-D248C9A481F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:actions-semi:ats2819_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9293F654-73A6-4307-9610-91CFCB3B896D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:actions-semi:ats2819:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E76B147-A1D1-4160-B87D-31DD5F9DFF1B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:actions-semi:ats2819s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4935084A-87E2-4041-8108-37407D888798",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:actions-semi:ats2819s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F918DD8-1070-44F5-A167-1D151430A89A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:actions-semi:ats2819t_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7243C2D0-67F2-4EC1-8A52-7540C3117293",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:actions-semi:ats2819t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36CB59B4-95EB-487C-86EB-E8657D1C2286",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication."
    },
    {
      "lang": "es",
      "value": "Una implementaci\u00f3n de Bluetooth Classic en los conjuntos de chips Actions ATS2815 y ATS2819, no maneja apropiadamente la recepci\u00f3n de m\u00faltiples paquetes LMP_host_connection_req, permitiendo a atacantes en el rango de radio desencadenar una denegaci\u00f3n de servicio (bloqueo) del dispositivo por medio de paquetes LMP dise\u00f1ados. Es requerida una intervenci\u00f3n manual del usuario para reiniciar el dispositivo y restaurar la comunicaci\u00f3n Bluetooth"
    }
  ],
  "id": "CVE-2021-31785",
  "lastModified": "2024-11-21T06:06:13.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-07T07:15:07.143",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://launchstudio.bluetooth.com/ListingDetails/76427"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://www.actions-semi.com/index.php?id=3581\u0026siteId=4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://launchstudio.bluetooth.com/ListingDetails/76427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://www.actions-semi.com/index.php?id=3581\u0026siteId=4"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.