CVE-2021-31611 - OpenCVE

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Zh-jieli	Ac6925 Ac6901 Ac6921 Firmware Ac6921 Ac6926 Ac6928 Firmware Ac6901 Firmware Ac6928 Ac6925 Firmware Ac6926 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zh-jieli:ac6901_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6901:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zh-jieli:ac6925_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6925:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:zh-jieli:ac6926_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6926:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:zh-jieli:ac6928_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6928:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:zh-jieli:ac6921_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6921:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.zh-jieli.com/product/68-cn.html	Vendor Advisory
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Broken Link
https://launchstudio.bluetooth.com/ListingDetails/19746	Third Party Advisory
https://launchstudio.bluetooth.com/ListingDetails/58628	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-07T06:03:47

Updated: 2021-09-07T06:03:47

Reserved: 2021-04-23T00:00:00

Link: CVE-2021-31611

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-07T07:15:07.043

Modified: 2022-05-03T16:04:40.443

Link: CVE-2021-31611

JSON object: View

Redhat Information

No data.

CWE

CWE-667

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-07T06:03:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zh-jieli.com/product/68-cn.html"}, {"tags": ["x_refsource_MISC"], "url": "https://launchstudio.bluetooth.com/ListingDetails/58628"}, {"tags": ["x_refsource_MISC"], "url": "https://launchstudio.bluetooth.com/ListingDetails/19746"}, {"tags": ["x_refsource_MISC"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31611", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zh-jieli.com/product/68-cn.html", "refsource": "MISC", "url": "http://www.zh-jieli.com/product/68-cn.html"}, {"name": "https://launchstudio.bluetooth.com/ListingDetails/58628", "refsource": "MISC", "url": "https://launchstudio.bluetooth.com/ListingDetails/58628"}, {"name": "https://launchstudio.bluetooth.com/ListingDetails/19746", "refsource": "MISC", "url": "https://launchstudio.bluetooth.com/ListingDetails/19746"}, {"name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", "refsource": "MISC", "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31611", "datePublished": "2021-09-07T06:03:47", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2021-09-07T06:03:47", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zh-jieli:ac6901_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A68BB39A-4A9C-4B57-9D29-12601FCFC763", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zh-jieli:ac6901:-:*:*:*:*:*:*:*", "matchCriteriaId": "06EBB244-F958-45C8-84B5-DFB3BA3E9449", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zh-jieli:ac6925_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F327D670-BA99-4E1B-8653-0D611BAC2DB6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zh-jieli:ac6925:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B4E66F9-29B9-4A90-96DE-3E4FE0A5F598", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zh-jieli:ac6926_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AB77D0C-695A-4092-8660-D3A54BFD4059", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zh-jieli:ac6926:-:*:*:*:*:*:*:*", "matchCriteriaId": "754D8DF0-4090-4E6A-9433-6727A941A29F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zh-jieli:ac6928_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F773079C-E4F2-4ABC-9AFD-3FA806B01055", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zh-jieli:ac6928:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A6CC1D2-2654-4E88-B564-A51B3BBB6D1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zh-jieli:ac6921_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E80A0EAC-347A-4E0A-8C7E-2FD527DAC8CE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zh-jieli:ac6921:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E825175-6F3D-4835-89C4-70BDCFA7564F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication."}, {"lang": "es", "value": "La implementaci\u00f3n de Bluetooth Classic en los dispositivos Zhuhai Jieli AC690X y AC692X, no maneja apropiadamente un procedimiento de configuraci\u00f3n LMP fuera de orden que es seguido por un paquete LMP malformado, que permite a atacantes en el rango de radio bloquear un dispositivo por medio de un paquete LMP dise\u00f1ado. El usuario debe reiniciar manualmente el dispositivo para restablecer la comunicaci\u00f3n"}], "id": "CVE-2021-31611", "lastModified": "2022-05-03T16:04:40.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-07T07:15:07.043", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.zh-jieli.com/product/68-cn.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://launchstudio.bluetooth.com/ListingDetails/19746"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://launchstudio.bluetooth.com/ListingDetails/58628"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}