CVE-2020-13593
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK).
La implementación del Bluetooth Low Energy Secure Manager Protocol (SMP) en Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK versiones hasta 2.2.3, permite omitir una comprobación de Diffie-Hellman durante el emparejamiento de la Conexión Segura si la configuración de cifrado de la capa de enlace es llevada a cabo antes. Un atacante dentro del radio de alcance puede lograr acceso arbitrario de lectura y escritura a datos de servicio protegidos por GATT, causar una denegación de servicio o posiblemente controlar la función de un dispositivo al establecer una sesión cifrada con una Long Term Key (LTK) no autenticada
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-26 CVE Reserved
- 2020-08-31 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://asset-group.github.io/cves.html | Third Party Advisory | |
https://asset-group.github.io/disclosures/sweyntooth | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.ti.com/tool/BLE-STACK | 2021-07-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ti Search vendor "Ti" | Simplelink-cc2640r2 Software Development Kit Search vendor "Ti" for product "Simplelink-cc2640r2 Software Development Kit" | <= 2.2.3 Search vendor "Ti" for product "Simplelink-cc2640r2 Software Development Kit" and version " <= 2.2.3" | - |
Affected
|