Vulnerability Description
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bluetooth | Bluetooth Core Specification | >= 4.0, <= 5.2 |
Related Weaknesses (CWE)
References
- https://bluetooth.comVendor Advisory
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-securitVendor Advisory
- https://bluetooth.comVendor Advisory
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-securitVendor Advisory
FAQ
What is CVE-2021-31615?
CVE-2021-31615 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening dev...
How severe is CVE-2021-31615?
CVE-2021-31615 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31615?
Check the references section above for vendor advisories and patch information. Affected products include: Bluetooth Bluetooth Core Specification.