OpenCVE

Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ti	Cc256xb-bt-sp Cc256xb-bt-sp Firmware Cc256xc-bt-sp Cc256xc-bt-sp Firmware Wl18xx-bt-sp Wl18xx-bt-sp Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ti:cc256xc-bt-sp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ti:cc256xc-bt-sp:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ti:cc256xb-bt-sp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ti:cc256xb-bt-sp:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ti:wl18xx-bt-sp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ti:wl18xx-bt-sp:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/856161
https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/ti_wl18xx_adv_rce.py
https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs
https://www.linkedin.com/in/veronica-kovah-2587185
https://www.youtube.com/watch?v=bk5lOxieqbA

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-13T15:06:29

Updated: 2024-08-05T01:03:32.307Z

Reserved: 2019-09-05T00:00:00

Link: CVE-2019-15948

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-11-13T16:15:11.050

Modified: 2020-08-18T20:15:11.137

Link: CVE-2019-15948

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-18T19:50:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.linkedin.com/in/veronica-kovah-2587185"}, {"tags": ["x_refsource_MISC"], "url": "https://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/856161"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/ti_wl18xx_adv_rce.py"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=bk5lOxieqbA"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15948", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.linkedin.com/in/veronica-kovah-2587185", "refsource": "MISC", "url": "https://www.linkedin.com/in/veronica-kovah-2587185"}, {"name": "https://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/856161", "refsource": "MISC", "url": "https://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/856161"}, {"name": "https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs", "refsource": "MISC", "url": "https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs"}, {"name": "https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/ti_wl18xx_adv_rce.py", "refsource": "MISC", "url": "https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/ti_wl18xx_adv_rce.py"}, {"name": "https://www.youtube.com/watch?v=bk5lOxieqbA", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=bk5lOxieqbA"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:03:32.307Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.linkedin.com/in/veronica-kovah-2587185"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/856161"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/ti_wl18xx_adv_rce.py"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=bk5lOxieqbA"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15948", "datePublished": "2019-11-13T15:06:29", "dateReserved": "2019-09-05T00:00:00", "dateUpdated": "2024-08-05T01:03:32.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ti:cc256xc-bt-sp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FB29E68-8C4C-4360-9FA6-D96C7E6C6FF5", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ti:cc256xc-bt-sp:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BD86B3-CEC4-470A-95DB-94B9606E120C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ti:cc256xb-bt-sp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DCE50D0-6B03-4FB4-934E-E1B6ABBAB2C8", "versionEndIncluding": "1.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ti:cc256xb-bt-sp:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD9B5898-B0F4-4363-BC67-6FE008FAFD9A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ti:wl18xx-bt-sp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BADC83A-03D1-43C0-AF5E-CEC5B0FD7BFD", "versionEndIncluding": "4.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ti:wl18xx-bt-sp:-:*:*:*:*:*:*:*", "matchCriteriaId": "792E98CF-6A8B-4B19-BA5A-AF74C91FBB39", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4."}, {"lang": "es", "value": "Los dispositivos controladores de Bluetooth modo dual Texas Instruments CC256x y WL18xx, cuando se utiliza el modo de escaneo LE, permiten a atacantes remotos desencadenar un desbordamiento del b\u00fafer por medio de un paquete de publicidad Bluetooth Low Energy malformado, para causar una denegaci\u00f3n de servicio o potencialmente ejecutar c\u00f3digo arbitrario. Esto afecta a CC256xC-BT-SP versi\u00f3n 1.2, CC256xB-BT-SP versi\u00f3n 1.8 y WL18xx-BT-SP versi\u00f3n 4.4."}], "id": "CVE-2019-15948", "lastModified": "2020-08-18T20:15:11.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-13T16:15:11.050", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/856161"}, {"source": "cve@mitre.org", "url": "https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/ti_wl18xx_adv_rce.py"}, {"source": "cve@mitre.org", "url": "https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://www.linkedin.com/in/veronica-kovah-2587185"}, {"source": "cve@mitre.org", "url": "https://www.youtube.com/watch?v=bk5lOxieqbA"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}