CVE-2021-31613 - OpenCVE

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Zh-jieli	Ac6925 Ac6901 Ac6921 Firmware Ac6921 Ac6926 Ac6928 Firmware Ac6901 Firmware Ac6928 Ac6925 Firmware Ac6926 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zh-jieli:ac6901_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6901:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zh-jieli:ac6925_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6925:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:zh-jieli:ac6926_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6926:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:zh-jieli:ac6928_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6928:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:zh-jieli:ac6921_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6921:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.zh-jieli.com/product/68-cn.html	Product Vendor Advisory
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Technical Description Third Party Advisory
https://launchstudio.bluetooth.com/ListingDetails/19746	Third Party Advisory
https://launchstudio.bluetooth.com/ListingDetails/58628	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-07T06:00:56

Updated: 2021-09-07T06:00:56

Reserved: 2021-04-23T00:00:00

Link: CVE-2021-31613

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-07T06:15:07.577

Modified: 2021-09-09T22:55:59.477

Link: CVE-2021-31613

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-07T06:00:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zh-jieli.com/product/68-cn.html"}, {"tags": ["x_refsource_MISC"], "url": "https://launchstudio.bluetooth.com/ListingDetails/58628"}, {"tags": ["x_refsource_MISC"], "url": "https://launchstudio.bluetooth.com/ListingDetails/19746"}, {"tags": ["x_refsource_MISC"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31613", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zh-jieli.com/product/68-cn.html", "refsource": "MISC", "url": "http://www.zh-jieli.com/product/68-cn.html"}, {"name": "https://launchstudio.bluetooth.com/ListingDetails/58628", "refsource": "MISC", "url": "https://launchstudio.bluetooth.com/ListingDetails/58628"}, {"name": "https://launchstudio.bluetooth.com/ListingDetails/19746", "refsource": "MISC", "url": "https://launchstudio.bluetooth.com/ListingDetails/19746"}, {"name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", "refsource": "MISC", "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31613", "datePublished": "2021-09-07T06:00:56", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2021-09-07T06:00:56", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zh-jieli:ac6901_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A68BB39A-4A9C-4B57-9D29-12601FCFC763", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zh-jieli:ac6901:-:*:*:*:*:*:*:*", "matchCriteriaId": "06EBB244-F958-45C8-84B5-DFB3BA3E9449", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zh-jieli:ac6925_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F327D670-BA99-4E1B-8653-0D611BAC2DB6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zh-jieli:ac6925:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B4E66F9-29B9-4A90-96DE-3E4FE0A5F598", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zh-jieli:ac6926_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AB77D0C-695A-4092-8660-D3A54BFD4059", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zh-jieli:ac6926:-:*:*:*:*:*:*:*", "matchCriteriaId": "754D8DF0-4090-4E6A-9433-6727A941A29F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zh-jieli:ac6928_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F773079C-E4F2-4ABC-9AFD-3FA806B01055", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zh-jieli:ac6928:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A6CC1D2-2654-4E88-B564-A51B3BBB6D1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zh-jieli:ac6921_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E80A0EAC-347A-4E0A-8C7E-2FD527DAC8CE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zh-jieli:ac6921:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E825175-6F3D-4835-89C4-70BDCFA7564F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet."}, {"lang": "es", "value": "Una implementaci\u00f3n de Bluetooth Classic en los dispositivos AC690X y AC692X de Zhuhai Jieli, no maneja apropiadamente la recepci\u00f3n de un paquete LMP truncado durante el procedimiento de tasa autom\u00e1tica de LMP, permitiendo a atacantes en el rango de radio bloquear inmediatamente (y reiniciar) un dispositivo por medio de un paquete LMP dise\u00f1ado"}], "id": "CVE-2021-31613", "lastModified": "2021-09-09T22:55:59.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-07T06:15:07.577", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "http://www.zh-jieli.com/product/68-cn.html"}, {"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://launchstudio.bluetooth.com/ListingDetails/19746"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://launchstudio.bluetooth.com/ListingDetails/58628"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}