fkie_nvd - fkie_cve-2024-6657

fkie_cve-2024-6657

Vulnerability from fkie_nvd

Published

2024-10-11 14:15

Modified

2024-11-04 15:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device.

References

	URL	Tags
	product-security@silabs.com	https://community.silabs.com/068Vm00000FfVNN

Impacted products

	Vendor	Product	Version

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A denial of service may be caused to a single peripheral device in a BLE network when multiple central \ndevices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device."
    },
    {
      "lang": "es",
      "value": "Se puede producir una denegaci\u00f3n de servicio a un \u00fanico dispositivo perif\u00e9rico en una red BLE cuando varios dispositivos centrales se conectan y desconectan continuamente del perif\u00e9rico. Es necesario realizar un reinicio completo para recuperar el dispositivo perif\u00e9rico."
    }
  ],
  "id": "CVE-2024-6657",
  "lastModified": "2024-11-04T15:15:24.440",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "product-security@silabs.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-11T14:15:05.770",
  "references": [
    {
      "source": "product-security@silabs.com",
      "url": "https://community.silabs.com/068Vm00000FfVNN"
    }
  ],
  "sourceIdentifier": "product-security@silabs.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-821"
        }
      ],
      "source": "product-security@silabs.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-6657 (GCVE-0-2024-6657)

Vulnerability from cvelistv5

Published

2024-10-11 13:52

Modified

2024-11-04 14:16

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-821 - Incorrect Synchronization

Summary

A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device.

References

URL

Tags

https://community.silabs.com/068Vm00000FfVNN

permissions-required, vendor-advisory

Impacted products

	Vendor	Product	Version
	silabs.com	EFR32 BLE SDK	Version: 7.1.0 ≤ 7.1.1 Version: 8.0.0 ≤

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6657",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T16:40:57.268096Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T16:41:06.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "GSDK/SiSDK",
          "product": "EFR32 BLE SDK",
          "repo": "https://github.com/SiliconLabs/gecko_sdk",
          "vendor": "silabs.com",
          "versions": [
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A denial of service may be caused to a single peripheral device in a BLE network when multiple central \ndevices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device.\u003cbr\u003e"
            }
          ],
          "value": "A denial of service may be caused to a single peripheral device in a BLE network when multiple central \ndevices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-595",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-595 Connection Reset"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-821",
              "description": "CWE-821 Incorrect Synchronization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T14:16:17.415Z",
        "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "shortName": "Silabs"
      },
      "references": [
        {
          "tags": [
            "permissions-required",
            "vendor-advisory"
          ],
          "url": "https://community.silabs.com/068Vm00000FfVNN"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To mitigate the issue, upgrade to:\u0026nbsp;\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eEFR32 BLE SDK 7.1.2(GSDK 4.4.4) or later except BLE SDK 8.0.0(SiSDK 2024.6.0)\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEFR32 BLE SDK 8.1.0 (SiSDK 2024.6.1) or later\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "To mitigate the issue, upgrade to:\u00a0\n  *  EFR32 BLE SDK 7.1.2(GSDK 4.4.4) or later except BLE SDK 8.0.0(SiSDK 2024.6.0)\n  *  EFR32 BLE SDK 8.1.0 (SiSDK 2024.6.1) or later"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "BLE peripheral DoS after few cycles of connect/disconnects",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
    "assignerShortName": "Silabs",
    "cveId": "CVE-2024-6657",
    "datePublished": "2024-10-11T13:52:59.562Z",
    "dateReserved": "2024-07-10T14:18:38.454Z",
    "dateUpdated": "2024-11-04T14:16:17.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.