CVE-2021-34147

BRAKTOOTH: Causing Havoc on Bluetooth Link Manager

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress.

Una implementación de Bluetooth Classic en la pila BT de Cypress WICED versiones hasta 2.9.0 para CYW20735B1, no maneja apropiadamente la recepción de una respuesta de precisión de tiempo LMP malformada seguida de múltiples reconexiones al esclavo de enlace, permitiendo a atacantes agotar los recursos BT del dispositivo y, finalmente, desencadenar un fallo por medio de múltiples intentos de envío de una respuesta de precisión de tiempo LMP diseñada seguida de una reconexión repentina con una dirección BDA aleatoria

This whitepaper discusses BRAKTOOTH, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-06-07 CVE Reserved
2021-09-03 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (2)

URL	Tag	Source
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Technical Description

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.cypress.com/documentation/datasheets/cyw20735b1-single-chip-bluetooth-transceiver-wireless-input-devices	2021-09-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cypress Search vendor "Cypress"	Wireless Internet Connectivity For Embedded Devices Search vendor "Cypress" for product "Wireless Internet Connectivity For Embedded Devices"	<= 2.9.0 Search vendor "Cypress" for product "Wireless Internet Connectivity For Embedded Devices" and version " <= 2.9.0"	-	Affected	in	Cypress Search vendor "Cypress"	Cyw20735b1 Search vendor "Cypress" for product "Cyw20735b1"	-	-	Safe