CVE-2021-34145 - OpenCVE

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cypress	Cyw20735b1 Wireless Internet Connectivity For Embedded Devices

Configuration 1 [-]

AND

cpe:2.3:o:cypress:wireless_internet_connectivity_for_embedded_devices:*:*:*:*:*:*:*:*

cpe:2.3:h:cypress:cyw20735b1:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
https://www.cypress.com/documentation/datasheets/cyw20735b1-single-chip-bluetooth-transceiver-wireless-input-devices

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-07T06:22:08

Updated: 2024-08-04T00:05:52.503Z

Reserved: 2021-06-07T00:00:00

Link: CVE-2021-34145

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-07T07:15:07.280

Modified: 2021-09-14T15:06:19.830

Link: CVE-2021-34145

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-07T06:22:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cypress.com/documentation/datasheets/cyw20735b1-single-chip-bluetooth-transceiver-wireless-input-devices"}, {"tags": ["x_refsource_MISC"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-34145", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.cypress.com/documentation/datasheets/cyw20735b1-single-chip-bluetooth-transceiver-wireless-input-devices", "refsource": "MISC", "url": "https://www.cypress.com/documentation/datasheets/cyw20735b1-single-chip-bluetooth-transceiver-wireless-input-devices"}, {"name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", "refsource": "MISC", "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:05:52.503Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cypress.com/documentation/datasheets/cyw20735b1-single-chip-bluetooth-transceiver-wireless-input-devices"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-34145", "datePublished": "2021-09-07T06:22:08", "dateReserved": "2021-06-07T00:00:00", "dateUpdated": "2024-08-04T00:05:52.503Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cypress:wireless_internet_connectivity_for_embedded_devices:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A29026A-CED7-4BAD-8B64-B5E45A7A6A29", "versionEndIncluding": "2.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cypress:cyw20735b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6EBADCA-0C07-4AA0-827D-881CD6FEBE49", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet."}, {"lang": "es", "value": "Una implementaci\u00f3n de Bluetooth Classic en la pila WICED BT de Cypress versiones hasta 2.9.0, para los dispositivos CYW20735B1 no maneja apropiadamente la recepci\u00f3n de LMP_max_slot con un tipo de paquete de banda base no v\u00e1lido (y LT_ADDRESS y LT_ADDR) tras la finalizaci\u00f3n del procedimiento de configuraci\u00f3n de LMP, permitiendo a atacantes en el rango de radio desencadenar una denegaci\u00f3n de servicio (bloqueo del firmware) por medio de un paquete LMP dise\u00f1ado"}], "id": "CVE-2021-34145", "lastModified": "2021-09-14T15:06:19.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-07T07:15:07.280", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.cypress.com/documentation/datasheets/cyw20735b1-single-chip-bluetooth-transceiver-wireless-input-devices"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}