CVE-2021-28139

Sažetak

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.

Reference

https://github.com/espressif/esp32-bt-lib
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
https://www.espressif.com/en/products/socs/esp32
https://github.com/espressif/esp-idf

CVSS

Base:	8.3
Impact:	10.0
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:A/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-09-2021 - 23:30

Objavljeno

07-09-2021 - 07:15