Vulnerability Description
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TI | BLE-STACK | <= 1.5.0 |
| TI | CC2640R2 Software Development Kit | <= 3.30.00.20 |
| TI | CC2540/1 | < Q4 2019 |
| TI | CC2640R2 | < Q4 2019 |
References
- http://www.ti.com/tool/BLE-STACK (Vendor Advisory)
- https://asset-group.github.io/disclosures/sweyntooth/ (Third Party Advisory)
FAQ
What is CVE-2019-19193?
CVE-2019-19193 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not...
How severe is CVE-2019-19193?
CVE-2019-19193 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-19193?
Check the references section above for vendor advisories and patch information. Affected products include: TI BLE-STACK, TI CC2640R2 Software Development Kit, TI CC2540/1, TI CC2640R2.