CVE Vulnerability

CVE-2019-17520

The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.

6.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.5 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.ti.com/tool/LAUNCHXL-CC2640R2 Product Vendor Advisory
https://asset-group.github.io/disclosures/sweyntooth/ Third Party Advisory
https://www.youtube.com/watch?v=Iw8sIBLWE_w Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2020-02-10 09:51

Updated : 2020-02-14 06:10

NVD link : CVE-2019-17520

Mitre link : CVE-2019-17520

Products Affected

Cc2640r2 Software Development Kit

Ti

CWE
CWE-120