Vulnerability CVE-2021-28135
Published: 2021-09-07

Description:
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:A/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Espressif -> Esp-idf 

 References:
https://github.com/espressif/esp32-bt-lib
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
https://www.espressif.com/en/products/socs/esp32
https://github.com/espressif/esp-idf
Copyright 2024, cxsecurity.com

 

Back to Top