CVE-2021-34143 : The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after paging procedure. User intervention is required to restart the device.

Published 2021-09-07 07:15:07

Updated 2021-09-14 13:57:23

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-34143

Zh-jieli » Fw-ac63 Bt Sdk » Version: 1.0.0
cpe:2.3:o:zh-jieli:fw-ac63_bt_sdk:1.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Zh-jieli » Ac6936 » Version: N/A
When used together with: Zh-jieli » Ac6951 » Version: N/A
When used together with: Zh-jieli » Ac6952 » Version: N/A
When used together with: Zh-jieli » Ac6954 » Version: N/A
When used together with: Zh-jieli » Ac6955 » Version: N/A
When used together with: Zh-jieli » Ac6956 » Version: N/A
When used together with: Zh-jieli » Ac6963 » Version: N/A
When used together with: Zh-jieli » Ac6965 » Version: N/A
When used together with: Zh-jieli » Ac6966 » Version: N/A
When used together with: Zh-jieli » Ac6969 » Version: N/A
When used together with: Zh-jieli » Ac6973 » Version: N/A
When used together with: Zh-jieli » Ac6976 » Version: N/A
When used together with: Zh-jieli » Ac6983 » Version: N/A
When used together with: Zh-jieli » Ac6986 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-34143

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 45 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-34143

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.1	MEDIUM	AV:A/AC:L/Au:N/C:N/I:N/A:C	6.5	6.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2021-34143

https://launchstudio.bluetooth.com/ListingDetails/91371

Launch Studio - Listing Details
Third Party Advisory

CVEs referencing this url
https://github.com/Jieli-Tech/fw-AC63_BT_SDK

GitHub - Jieli-Tech/fw-AC63_BT_SDK: Firmware for Generic Bluetooth SDK（AC63 series）, Support AC631N/AC635N/AC636N/AC637N/AC632N, compatible with AC69 series without audio support.
Third Party Advisory

CVEs referencing this url
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf

Broken Link

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-34143

Products affected by CVE-2021-34143

Exploit prediction scoring system (EPSS) score for CVE-2021-34143

CVSS scores for CVE-2021-34143

References for CVE-2021-34143