CVE-2021-34143

Sažetak

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after paging procedure. User intervention is required to restart the device.

Reference

https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
https://launchstudio.bluetooth.com/ListingDetails/91371
https://github.com/Jieli-Tech/fw-AC63_BT_SDK

CVSS

Base:	6.1
Impact:	6.9
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:A/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

14-09-2021 - 13:57

Objavljeno

07-09-2021 - 07:15