CVE-2020-16630

Severity Score

6.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generate an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile’s MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission.

La pila BLE de TI almacena en caché y reusa la propiedad del LTK para un móvil vinculado. Una LTK puede ser una clave no autenticada y sin protección MITM creada por Just Works o una clave autenticada y con protección MITM creada por Passkey Entry, Numeric Comparison u OOB. Supongamos que un móvil víctima usa el emparejamiento seguro para emparejarse con un dispositivo BLE víctima basado en chips TI y genera una LTK autenticada y de protección MITM. Si un móvil falso con la dirección MAC del móvil víctima usa Just Works y se empareja con el dispositivo víctima, el LTK generado sigue teniendo la propiedad de autenticación y protección MITM. Por lo tanto, el móvil falso puede acceder a los atributos con el permiso de lectura/escritura autenticado

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-08-04 CVE Reserved
2021-09-20 CVE Published
2024-04-26 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-863: Incorrect Authorization

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://www.usenix.org/system/files/sec20-zhang-yue.pdf	2024-08-04

URL	Date	SRC

URL	Date	SRC
http://software-dl.ti.com/simplelink/esd/simplelink_cc13x2_26x2_sdk/3.20.00.68/exports/changelog.html	2021-10-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ti Search vendor "Ti"		15.4-stack Search vendor "Ti" for product "15.4-stack"				-		-		Affected
Ti Search vendor "Ti"		Ble5-stack Search vendor "Ti" for product "Ble5-stack"				-		-		Affected
Ti Search vendor "Ti"		Dynamic Multi-protocal Manager Search vendor "Ti" for product "Dynamic Multi-protocal Manager"				-		-		Affected
Ti Search vendor "Ti"		Easylink Search vendor "Ti" for product "Easylink"				-		-		Affected
Ti Search vendor "Ti"		Openthread Search vendor "Ti" for product "Openthread"				-		-		Affected
Ti Search vendor "Ti"		Z-stack Search vendor "Ti" for product "Z-stack"				-		-		Affected
Ti Search vendor "Ti"		Real-time Operating System Search vendor "Ti" for product "Real-time Operating System"				-		-		Affected