OpenCVE

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Silabs	Bluetooth Low Energy Software Development Kit

Configuration 1 [-]

cpe:2.3:a:silabs:bluetooth_low_energy_software_development_kit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py
https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs
https://www.blackhat.com/us-20/briefings/schedule/#finding-new-bluetooth-low-energy-exploits-via-reverse-engineering-multiple-vendors-firmwares-19655
https://www.youtube.com/watch?v=saoTr1NwdzM

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-19T19:22:58

Updated: 2024-08-04T13:15:20.821Z

Reserved: 2020-07-05T00:00:00

Link: CVE-2020-15531

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-20T01:17:12.663

Modified: 2020-08-24T21:02:41.773

Link: CVE-2020-15531

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-07-26T00:00:00", "descriptions": [{"lang": "en", "value": "Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-19T19:22:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.blackhat.com/us-20/briefings/schedule/#finding-new-bluetooth-low-energy-exploits-via-reverse-engineering-multiple-vendors-firmwares-19655"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=saoTr1NwdzM"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15531", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.blackhat.com/us-20/briefings/schedule/#finding-new-bluetooth-low-energy-exploits-via-reverse-engineering-multiple-vendors-firmwares-19655", "refsource": "MISC", "url": "https://www.blackhat.com/us-20/briefings/schedule/#finding-new-bluetooth-low-energy-exploits-via-reverse-engineering-multiple-vendors-firmwares-19655"}, {"name": "https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py", "refsource": "MISC", "url": "https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py"}, {"name": "https://www.youtube.com/watch?v=saoTr1NwdzM", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=saoTr1NwdzM"}, {"name": "https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs", "refsource": "MISC", "url": "https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:15:20.821Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.blackhat.com/us-20/briefings/schedule/#finding-new-bluetooth-low-energy-exploits-via-reverse-engineering-multiple-vendors-firmwares-19655"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=saoTr1NwdzM"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15531", "datePublished": "2020-08-19T19:22:58", "dateReserved": "2020-07-05T00:00:00", "dateUpdated": "2024-08-04T13:15:20.821Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:bluetooth_low_energy_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CA55EDF-A1E5-43D3-8ED0-BADA03654777", "versionEndExcluding": "2.13.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles."}, {"lang": "es", "value": "Silicon Labs Bluetooth Low Energy SDK versiones anteriores a 2.13.3, presenta un desbordamiento de b\u00fafer por medio de paquetes de datos. Esta es una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota por aire en Bluetooth LE en los SoC EFR32 y m\u00f3dulos asociados que ejecutan Bluetooth SDK, que admiten funciones de Central u Observer."}], "id": "CVE-2020-15531", "lastModified": "2020-08-24T21:02:41.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-20T01:17:12.663", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.blackhat.com/us-20/briefings/schedule/#finding-new-bluetooth-low-energy-exploits-via-reverse-engineering-multiple-vendors-firmwares-19655"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=saoTr1NwdzM"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}