Vulnerability Description
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ti | Cc2640R2 Software Development Kit | <= 3.30.00.20 |
| Ti | Cc2640R2 | - |
Related Weaknesses (CWE)
References
- http://www.ti.com/tool/LAUNCHXL-CC2640R2ProductVendor Advisory
- https://asset-group.github.io/disclosures/sweyntooth/Third Party Advisory
- https://www.youtube.com/watch?v=Iw8sIBLWE_wExploitThird Party Advisory
- http://www.ti.com/tool/LAUNCHXL-CC2640R2ProductVendor Advisory
- https://asset-group.github.io/disclosures/sweyntooth/Third Party Advisory
- https://www.youtube.com/watch?v=Iw8sIBLWE_wExploitThird Party Advisory
FAQ
What is CVE-2019-17520?
CVE-2019-17520 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio r...
How severe is CVE-2019-17520?
CVE-2019-17520 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17520?
Check the references section above for vendor advisories and patch information. Affected products include: Ti Cc2640R2 Software Development Kit, Ti Cc2640R2.