CVE-2019-19195 - The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB1

CVE-2019-19195

Summary

The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.

References

https://asset-group.github.io/disclosures/sweyntooth/
https://www.microchip.com/wwwproducts/en/ATSAMB11

Vulnerable Configurations

cpe:2.3:a:microchip:atmsamb11_blusdk_smart:6.2:*:*:*:*:*:*:*
cpe:2.3:a:microchip:atmsamb11_blusdk_smart:6.2:*:*:*:*:*:*:*
cpe:2.3:h:microchip:atsamb11:-:*:*:*:*:*:*:*
cpe:2.3:h:microchip:atsamb11:-:*:*:*:*:*:*:*

CVSS

Base:	6.1 (as of 13-02-2020 - 16:09)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:A/AC:L/Au:N/C:N/I:N/A:C

refmap via4

misc

https://asset-group.github.io/disclosures/sweyntooth/
https://www.microchip.com/wwwproducts/en/ATSAMB11

Last major update

13-02-2020 - 16:09

Published

10-02-2020 - 21:51

Last modified

13-02-2020 - 16:09