CVE-2021-34144 — MEDIUM (6.5)

Q: How severe is CVE-2021-34144?

CVE-2021-34144 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-34144?

Check the references section above for vendor advisories and patch information. Affected products include: Zh-Jieli Fw-Ac63 Bt Sdk, Zh-Jieli Ac6936, Zh-Jieli Ac6951, Zh-Jieli Ac6952, Zh-Jieli Ac6954.

Vulnerability Description

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zh-Jieli	Fw-Ac63 Bt Sdk	<= 0.9.1
Zh-Jieli	Ac6936	-
Zh-Jieli	Ac6951	-
Zh-Jieli	Ac6952	-
Zh-Jieli	Ac6954	-
Zh-Jieli	Ac6955	-
Zh-Jieli	Ac6956	-
Zh-Jieli	Ac6963	-
Zh-Jieli	Ac6965	-
Zh-Jieli	Ac6966	-
Zh-Jieli	Ac6969	-
Zh-Jieli	Ac6973	-
Zh-Jieli	Ac6976	-
Zh-Jieli	Ac6983	-
Zh-Jieli	Ac6986	-

References

https://dl.packetstormsecurity.net/papers/general/braktooth.pdfTechnical DescriptionThird Party Advisory
https://github.com/Jieli-Tech/fw-AC63_BT_SDKThird Party Advisory
https://launchstudio.bluetooth.com/ListingDetails/91371Third Party Advisory
https://dl.packetstormsecurity.net/papers/general/braktooth.pdfTechnical DescriptionThird Party Advisory
https://github.com/Jieli-Tech/fw-AC63_BT_SDKThird Party Advisory
https://launchstudio.bluetooth.com/ListingDetails/91371Third Party Advisory

FAQ

What is CVE-2021-34144?

CVE-2021-34144 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are...

How severe is CVE-2021-34144?

CVE-2021-34144 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-34144?

Check the references section above for vendor advisories and patch information. Affected products include: Zh-Jieli Fw-Ac63 Bt Sdk, Zh-Jieli Ac6936, Zh-Jieli Ac6951, Zh-Jieli Ac6952, Zh-Jieli Ac6954.