6.5

CVE-2021-34146

EPSS 0.1%
Veröffentlicht 07.09.2021 07:15:07
Zuletzt bearbeitet 21.11.2024 06:09:57
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cypress ≫ Cyw920735q60evb-01 Firmware Version-

Cypress ≫ Cyw920735q60evb-01 Version-

Cypress ≫ Cyw20735b1 Firmware Version-

Cypress ≫ Cyw20735b1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.285

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.1	6.5	6.9	AV:A/AC:L/Au:N/C:N/I:N/A:C

https://dl.packetstormsecurity.net/papers/general/braktooth.pdf

Third Party Advisory

Technical Description

https://www.cypress.com/documentation/datasheets/cyw20735b1-single-chip-bluetooth-transceiver-wireless-input-devices

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34146

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34146

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34146

EUVD