CVE-2020-13593 - OpenCVE

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK).

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ti	Simplelink-cc2640r2 Software Development Kit

Configuration 1 [-]

cpe:2.3:a:ti:simplelink-cc2640r2_software_development_kit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.ti.com/tool/BLE-STACK
https://asset-group.github.io/cves.html
https://asset-group.github.io/disclosures/sweyntooth/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-31T14:54:16

Updated: 2024-08-04T12:25:16.374Z

Reserved: 2020-05-26T00:00:00

Link: CVE-2020-13593

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-31T15:15:10.493

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-13593

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-31T14:54:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.ti.com/tool/BLE-STACK"}, {"tags": ["x_refsource_MISC"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"tags": ["x_refsource_MISC"], "url": "https://asset-group.github.io/cves.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13593", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.ti.com/tool/BLE-STACK", "refsource": "MISC", "url": "http://www.ti.com/tool/BLE-STACK"}, {"name": "https://asset-group.github.io/disclosures/sweyntooth/", "refsource": "MISC", "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"name": "https://asset-group.github.io/cves.html", "refsource": "MISC", "url": "https://asset-group.github.io/cves.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:25:16.374Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ti.com/tool/BLE-STACK"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://asset-group.github.io/cves.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13593", "datePublished": "2020-08-31T14:54:16", "dateReserved": "2020-05-26T00:00:00", "dateUpdated": "2024-08-04T12:25:16.374Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ti:simplelink-cc2640r2_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "926AFD8E-FB10-4FDC-AF8B-52C4A067E342", "versionEndIncluding": "2.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK)."}, {"lang": "es", "value": "La implementaci\u00f3n del Bluetooth Low Energy Secure Manager Protocol (SMP) en Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK versiones hasta 2.2.3, permite omitir una comprobaci\u00f3n de Diffie-Hellman durante el emparejamiento de la Conexi\u00f3n Segura si la configuraci\u00f3n de cifrado de la capa de enlace es llevada a cabo antes. Un atacante dentro del radio de alcance puede lograr acceso arbitrario de lectura y escritura a datos de servicio protegidos por GATT, causar una denegaci\u00f3n de servicio o posiblemente controlar la funci\u00f3n de un dispositivo al establecer una sesi\u00f3n cifrada con una Long Term Key (LTK) no autenticada"}], "id": "CVE-2020-13593", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-31T15:15:10.493", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ti.com/tool/BLE-STACK"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://asset-group.github.io/cves.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}