Published: 20/09/2021 Updated: 07/10/2021

CVSS v2 Base Score: 4.3 | Impact Score: 4.9 | Exploitability Score: 5.5

CVSS v3 Base Score: 6.8 | Impact Score: 5.2 | Exploitability Score: 1.6

VMScore: 383

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N

TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generate an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile’s MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ti 15.4-stack -
ti ble5-stack -
ti dynamic multi-protocal manager -
ti easylink -
ti openthread -
ti z-stack -
ti real-time operating system -

CWE-863 https://www.usenix.org/system/files/sec20-zhang-yue.pdf http://software-dl.ti.com/simplelink/esd/simplelink_cc13x2_26x2_sdk/3.20.00.68/exports/changelog.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-16630

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect