Vulnerability Details: CVE-2021-31615
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.
Products affected by CVE-2021-31615
- Bluetooth » Bluetooth Core Specification: versions from 4.0 (inclusive) up to and including 5.2; CPE: cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-31615
- 0.14%: probability of exploitation activity in the next 30 days
- ~35%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-31615
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.9 | LOW | AV:A/AC:M/Au:N/C:N/I:N/A:P | 5.5 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 1.6 | 3.6 | NIST | |
CWE ids for CVE-2021-31615
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-31615
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/ (Security Notice | Bluetooth® Technology Website; Vendor Advisory)
- https://bluetooth.com (Bluetooth® Technology Website; Vendor Advisory)