Attacker Value
Moderate
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Adjacent_network
0

CVE-2019-19193

Disclosure Date: February 10, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.

Add Assessment

1
Ratings
Technical Analysis

This vuln is part of a related batch named SweynTooth from researchers at the Singapore University of Technology and Design. The SweynTooth vulnerabilities lie within certain Bluetooth Low Energy (BLE) SDKs for Systems-on-a-Chip (SoC), which can make proliferating fixes to affected devices in the field a slow going.

Vulnerable devices need to be within BLE radio range in order for an attacker to target. A successful exploit can leave the target in a deadlocked state (in this case, stuck in the ‘idle’ state), triggered by sending the vulnerable device either a truncated connection request OR a connection request with invalid ‘interval’ or ‘timeout’ values of 0. While the condition of being stuck in the ‘idle’ state should be handled by the application layer (and transitioned to another state), not all devices correctly do so (at least one instance of ‘example code’ provided with the SDK did not handle this condition). In their testing, researchers were able to deadlock a eGeeTounch smart luggage lock containing this vulnerability, requiring a powercycle to resume normal operation. A detailed explanation can be found here in the original disclosure. It appears the SoC manufacturer has issued fixes for their vulnerable SDK(s).

EDIT: Attacker Value for this item largely depends on the type of device the vulnerable target is and behavior the device exhibits when successfully exploited.

CVSS V3 Severity and Metrics
Base Score:
6.5 Medium
Impact Score:
3.6
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Adjacent_network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • ti

Products

  • ble-stack,
  • cc2640r2 software development kit

Additional Info

Technical Analysis