CVE-2020-13594 - OpenCVE

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Espressif	Esp-idf Esp32

Configuration 1 [-]

AND

cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*

cpe:2.3:h:espressif:esp32:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://asset-group.github.io/cves.html
https://asset-group.github.io/disclosures/sweyntooth/
https://github.com/espressif/esp32-bt-lib

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-31T14:58:25

Updated: 2024-08-04T12:25:16.208Z

Reserved: 2020-05-26T00:00:00

Link: CVE-2020-13594

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-31T15:15:10.633

Modified: 2020-09-08T21:07:00.197

Link: CVE-2020-13594

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-31T14:58:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"tags": ["x_refsource_MISC"], "url": "https://asset-group.github.io/cves.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/espressif/esp32-bt-lib"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13594", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://asset-group.github.io/disclosures/sweyntooth/", "refsource": "MISC", "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"name": "https://asset-group.github.io/cves.html", "refsource": "MISC", "url": "https://asset-group.github.io/cves.html"}, {"name": "https://github.com/espressif/esp32-bt-lib", "refsource": "MISC", "url": "https://github.com/espressif/esp32-bt-lib"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:25:16.208Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://asset-group.github.io/cves.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/espressif/esp32-bt-lib"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13594", "datePublished": "2020-08-31T14:58:25", "dateReserved": "2020-05-26T00:00:00", "dateUpdated": "2024-08-04T12:25:16.208Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C54B320-683C-4645-86DC-65CE4FA1EAB4", "versionEndIncluding": "4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:espressif:esp32:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1024B06-380B-4116-B7F9-A21A03534B0C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet."}, {"lang": "es", "value": "La implementaci\u00f3n del controlador Bluetooth Low Energy (BLE) en Espressif ESP-IDF versiones 4.2 y anteriores (para dispositivos ESP32) no restringe apropiadamente el campo channel map del paquete de petici\u00f3n de conexi\u00f3n en la recepci\u00f3n, permitiendo a unos atacantes en el radio de alcance causar una denegaci\u00f3n de servicio (bloqueo) por medio de un paquete dise\u00f1ado"}], "id": "CVE-2020-13594", "lastModified": "2020-09-08T21:07:00.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-31T15:15:10.633", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://asset-group.github.io/cves.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/espressif/esp32-bt-lib"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}