CVE-2021-31615

EPSS 0.14%
Veröffentlicht 25.06.2021 12:15:08
Zuletzt bearbeitet 21.11.2024 06:06:01
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bluetooth ≫ Bluetooth Core Specification Version >= 4.0 <= 5.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.351

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.9	5.5	2.9	AV:A/AC:M/Au:N/C:N/I:N/A:P

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://bluetooth.com

Vendor Advisory

https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-31615

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-31615

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-31615

EUVD