CVE-2021-31786 - OpenCVE

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Actions-semi	Ats2819 Ats2819s Firmware Ats2819s Ats2819t Firmware Ats2819p Firmware Ats2819 Firmware Ats2815 Ats2819t Ats2819p Ats2815 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:actions-semi:ats2819p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:actions-semi:ats2815_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2815:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:actions-semi:ats2819_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:actions-semi:ats2819s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:actions-semi:ats2819t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819t:-:*:*:*:*:*:*:*

References

Link	Resource
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Technical Description Third Party Advisory
https://launchstudio.bluetooth.com/ListingDetails/76427	Third Party Advisory
https://www.actions-semi.com/index.php?id=3581&siteId=4	Broken Link Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-07T06:05:49

Updated: 2021-09-07T06:05:49

Reserved: 2021-04-23T00:00:00

Link: CVE-2021-31786

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-07T07:15:07.190

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-31786

JSON object: View

Redhat Information

No data.

CWE

CWE-667

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-07T06:05:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.actions-semi.com/index.php?id=3581&siteId=4"}, {"tags": ["x_refsource_MISC"], "url": "https://launchstudio.bluetooth.com/ListingDetails/76427"}, {"tags": ["x_refsource_MISC"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31786", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.actions-semi.com/index.php?id=3581&siteId=4", "refsource": "MISC", "url": "https://www.actions-semi.com/index.php?id=3581&siteId=4"}, {"name": "https://launchstudio.bluetooth.com/ListingDetails/76427", "refsource": "MISC", "url": "https://launchstudio.bluetooth.com/ListingDetails/76427"}, {"name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", "refsource": "MISC", "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31786", "datePublished": "2021-09-07T06:05:49", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2021-09-07T06:05:49", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B034D11B-2F14-4283-8E99-27A9D7381CCE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819p:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4590A4D-CA4A-467B-9A0C-DDBAF32576D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2815_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F959F1E4-A733-4454-8FC0-4A567946E582", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2815:-:*:*:*:*:*:*:*", "matchCriteriaId": "23646581-74EE-4C65-8BC8-D248C9A481F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9293F654-73A6-4307-9610-91CFCB3B896D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E76B147-A1D1-4160-B87D-31DD5F9DFF1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4935084A-87E2-4041-8108-37407D888798", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819s:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F918DD8-1070-44F5-A167-1D151430A89A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819t_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7243C2D0-67F2-4EC1-8A52-7540C3117293", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819t:-:*:*:*:*:*:*:*", "matchCriteriaId": "36CB59B4-95EB-487C-86EB-E8657D1C2286", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host."}, {"lang": "es", "value": "Una implementaci\u00f3n de Bluetooth Classic Audio en los dispositivos Actions ATS2815 y ATS2819, no maneja apropiadamente un intento de conexi\u00f3n desde un host con la misma direcci\u00f3n BDAddress que el host BT conectado en ese momento, permitiendo a atacantes desencadenar una desconexi\u00f3n y un bloqueo del dispositivo al conectarse con una direcci\u00f3n BDAddress falsificada que coincide con el host conectado original"}], "id": "CVE-2021-31786", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-07T07:15:07.190", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://launchstudio.bluetooth.com/ListingDetails/76427"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://www.actions-semi.com/index.php?id=3581&siteId=4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}