// For flags

CVE-2020-16630

 

Severity Score

6.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generate an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile’s MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission.

La pila BLE de TI almacena en caché y reusa la propiedad del LTK para un móvil vinculado. Una LTK puede ser una clave no autenticada y sin protección MITM creada por Just Works o una clave autenticada y con protección MITM creada por Passkey Entry, Numeric Comparison u OOB. Supongamos que un móvil víctima usa el emparejamiento seguro para emparejarse con un dispositivo BLE víctima basado en chips TI y genera una LTK autenticada y de protección MITM. Si un móvil falso con la dirección MAC del móvil víctima usa Just Works y se empareja con el dispositivo víctima, el LTK generado sigue teniendo la propiedad de autenticación y protección MITM. Por lo tanto, el móvil falso puede acceder a los atributos con el permiso de lectura/escritura autenticado

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Adjacent
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-08-04 CVE Reserved
  • 2021-09-20 CVE Published
  • 2024-04-26 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-863: Incorrect Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ti
Search vendor "Ti"
15.4-stack
Search vendor "Ti" for product "15.4-stack"
--
Affected
Ti
Search vendor "Ti"
Ble5-stack
Search vendor "Ti" for product "Ble5-stack"
--
Affected
Ti
Search vendor "Ti"
Dynamic Multi-protocal Manager
Search vendor "Ti" for product "Dynamic Multi-protocal Manager"
--
Affected
Ti
Search vendor "Ti"
Easylink
Search vendor "Ti" for product "Easylink"
--
Affected
Ti
Search vendor "Ti"
Openthread
Search vendor "Ti" for product "Openthread"
--
Affected
Ti
Search vendor "Ti"
Z-stack
Search vendor "Ti" for product "Z-stack"
--
Affected
Ti
Search vendor "Ti"
Real-time Operating System
Search vendor "Ti" for product "Real-time Operating System"
--
Affected