CVE-2021-31785

The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.1 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Technical Description Third Party Advisory
https://launchstudio.bluetooth.com/ListingDetails/76427	Third Party Advisory
https://www.actions-semi.com/index.php?id=3581&siteId=4	Broken Link Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:actions-semi:ats2819p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819p:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:actions-semi:ats2815_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2815:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:actions-semi:ats2819_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:actions-semi:ats2819s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:actions-semi:ats2819t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819t:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-09-07 07:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-31785

Mitre link : CVE-2021-31785

CVE.ORG link : CVE-2021-31785

JSON object : View

Products Affected

actions-semi

ats2819
ats2819t_firmware
ats2819_firmware
ats2819p
ats2819t
ats2815_firmware
ats2815
ats2819s
ats2819s_firmware
ats2819p_firmware

CWE

CWE-667

Improper Locking

{"id": "CVE-2021-31785", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-09-07T07:15:07.143", "references": [{"url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://launchstudio.bluetooth.com/ListingDetails/76427", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.actions-semi.com/index.php?id=3581&siteId=4", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication."}, {"lang": "es", "value": "Una implementaci\u00f3n de Bluetooth Classic en los conjuntos de chips Actions ATS2815 y ATS2819, no maneja apropiadamente la recepci\u00f3n de m\u00faltiples paquetes LMP_host_connection_req, permitiendo a atacantes en el rango de radio desencadenar una denegaci\u00f3n de servicio (bloqueo) del dispositivo por medio de paquetes LMP dise\u00f1ados. Es requerida una intervenci\u00f3n manual del usuario para reiniciar el dispositivo y restaurar la comunicaci\u00f3n Bluetooth"}], "lastModified": "2022-05-03T16:04:40.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819p_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B034D11B-2F14-4283-8E99-27A9D7381CCE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A4590A4D-CA4A-467B-9A0C-DDBAF32576D4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2815_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F959F1E4-A733-4454-8FC0-4A567946E582"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2815:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23646581-74EE-4C65-8BC8-D248C9A481F8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9293F654-73A6-4307-9610-91CFCB3B896D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1E76B147-A1D1-4160-B87D-31DD5F9DFF1B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4935084A-87E2-4041-8108-37407D888798"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6F918DD8-1070-44F5-A167-1D151430A89A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819t_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7243C2D0-67F2-4EC1-8A52-7540C3117293"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36CB59B4-95EB-487C-86EB-E8657D1C2286"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}