Details of VAR-202002-0391

ID

VAR-202002-0391

CVE

CVE-2019-17520

TITLE

CC2640R2 For devices Texas Instruments SDK Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014584

DESCRIPTION

The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets. CC2640R2 For devices Texas Instruments SDK Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2019-17520 // JVNDB: JVNDB-2019-014584 // VULMON: CVE-2019-17520

IOT TAXONOMY

category:

['network device']

sub_category:

bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	ti	model:	cc2640r2 software development kit	scope:	lte	version:	3.30.00.20	Trust: 1.0
vendor:	texas instruments incorporated ti	model:	simplelink-cc2640r2-sdk	scope:	eq	version:	3.30.00.20	Trust: 0.8

sources: JVNDB: JVNDB-2019-014584 // NVD: CVE-2019-17520

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-17520
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-014584
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202002-351
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-17520
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-17520
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2019-014584
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2019-17520
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014584
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-17520 // JVNDB: JVNDB-2019-014584 // CNNVD: CNNVD-202002-351 // NVD: CVE-2019-17520

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-014584 // NVD: CVE-2019-17520

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202002-351

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202002-351

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014584

PATCH

title:	SimpleLink Bluetooth Low Energy CC2640R2F wireless MCU LaunchPad development kit	url:	http://www.ti.com/tool/LAUNCHXL-CC2640R2	Trust: 0.8
title:	Texas Instruments SDK Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109497	Trust: 0.6
title:	sweyntooth_bluetooth_low_energy_attacks	url:	https://github.com/Matheus-Garbelini/sweyntooth_bluetooth_low_energy_attacks	Trust: 0.1
title:	-	url:	https://github.com/sd258sos/bluetooth-security-app	Trust: 0.1
title:	awesome-bluetooth-security	url:	https://github.com/engn33r/awesome-bluetooth-security	Trust: 0.1
title:	-	url:	https://github.com/JeffroMF/awesome-bluetooth-security321	Trust: 0.1

sources: VULMON: CVE-2019-17520 // JVNDB: JVNDB-2019-014584 // CNNVD: CNNVD-202002-351

EXTERNAL IDS

db:	NVD	id:	CVE-2019-17520	Trust: 2.6
db:	ICS CERT ALERT	id:	ICS-ALERT-20-063-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-014584	Trust: 0.8
db:	CNNVD	id:	CNNVD-202002-351	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2019-17520	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-17520 // JVNDB: JVNDB-2019-014584 // CNNVD: CNNVD-202002-351 // NVD: CVE-2019-17520

REFERENCES

url:	https://www.youtube.com/watch?v=iw8siblwe_w	Trust: 2.5
url:	http://www.ti.com/tool/launchxl-cc2640r2	Trust: 1.7
url:	https://asset-group.github.io/disclosures/sweyntooth/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17520	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17520	Trust: 0.8
url:	https://www.us-cert.gov/ics/alerts/ics-alert-20-063-01	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/matheus-garbelini/sweyntooth_bluetooth_low_energy_attacks	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-17520 // JVNDB: JVNDB-2019-014584 // CNNVD: CNNVD-202002-351 // NVD: CVE-2019-17520

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2019-17520
db:	JVNDB	id:	JVNDB-2019-014584
db:	CNNVD	id:	CNNVD-202002-351
db:	NVD	id:	CVE-2019-17520

LAST UPDATE DATE

2025-01-30T19:50:30.741000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-17520	date:	2020-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-014584	date:	2020-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202002-351	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2019-17520	date:	2024-11-21T04:32:26.073

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-17520	date:	2020-02-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-014584	date:	2020-03-02T00:00:00
db:	CNNVD	id:	CNNVD-202002-351	date:	2020-02-10T00:00:00
db:	NVD	id:	CVE-2019-17520	date:	2020-02-10T21:51:15.953