Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-31615

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.

Published

2021-06-25T12:15:08.430

Last Modified

2024-11-21T06:06:01.950

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:N/I:N/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

5.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bluetooth	bluetooth_core_specification	≤ 5.2	Yes

References

https://bluetooth.com Vendor Advisory ([email protected])
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/ Vendor Advisory ([email protected])
https://bluetooth.com Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)