CVE-2022-46400

Exploit

EPSS 0.03%
Published 19.12.2022 23:15:10
Last modified 17.04.2025 15:15:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Microchip ≫ Bm78 Firmware Version1.43

Microchip ≫ Bm78 Version-

Microchip ≫ Bm83 Firmware Version1.43

Microchip ≫ Bm83 Version-

Microchip ≫ Rn4870 Firmware Version1.43

Microchip ≫ Rn4870 Version-

Microchip ≫ Rn4871 Firmware Version1.43

Microchip ≫ Rn4871 Version-

Microchip ≫ Bm70 Firmware Version1.43

Microchip ≫ Bm70 Version-

Microchip ≫ Bm71 Firmware Version1.43

Microchip ≫ Bm71 Version-

Microchip ≫ Pic Lightblue Explorer Demo Firmware Version4.2_dt100112

Microchip ≫ Pic Lightblue Explorer Demo Version-

Microchip ≫ Is1870 Firmware Version1.43

Microchip ≫ Is1870 Version-

Microchip ≫ Is1871 Firmware Version1.43

Microchip ≫ Is1871 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.074

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.8	2.5	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://microchip.com

Product

https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM

Third Party Advisory

Exploit

Technical Description

https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG

Third Party Advisory

https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-46400

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-46400

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-46400

EUVD