CVE-2021-31615

EPSS 0.14%
Published 25.06.2021 12:15:08
Last modified 21.11.2024 06:06:01
Source cve@mitre.org
Teams watchlist Login
Open Login

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Bluetooth ≫ Bluetooth Core Specification Version >= 4.0 <= 5.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.351

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.9	5.5	2.9	AV:A/AC:M/Au:N/C:N/I:N/A:P

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://bluetooth.com

Vendor Advisory

https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-31615

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-31615

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-31615

EUVD