Details of VAR-202002-0394

ID

VAR-202002-0394

CVE

CVE-2019-17519

TITLE

KW41Z For devices NXP SDK Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014660

DESCRIPTION

The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet. KW41Z For devices NXP SDK Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2019-17519 // JVNDB: JVNDB-2019-014660 // VULMON: CVE-2019-17519

IOT TAXONOMY

category:

['network device']

sub_category:

bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	nxp	model:	mcuxpresso software development kit	scope:	lte	version:	2.2.1	Trust: 1.0
vendor:	nxp semiconductors	model:	kw41z sdk	scope:	eq	version:	2.2.1	Trust: 0.8

sources: JVNDB: JVNDB-2019-014660 // NVD: CVE-2019-17519

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-17519
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-014660
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202002-704
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-17519
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-17519
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2019-014660
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2019-17519
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014660
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-17519 // JVNDB: JVNDB-2019-014660 // CNNVD: CNNVD-202002-704 // NVD: CVE-2019-17519

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-014660 // NVD: CVE-2019-17519

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202002-704

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202002-704

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014660

PATCH

title:	Top Page	url:	https://www.nxp.com/	Trust: 0.8
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2019-17519	Trust: 0.1
title:	sweyntooth_bluetooth_low_energy_attacks	url:	https://github.com/Matheus-Garbelini/sweyntooth_bluetooth_low_energy_attacks	Trust: 0.1
title:	-	url:	https://github.com/sd258sos/bluetooth-security-app	Trust: 0.1
title:	awesome-bluetooth-security	url:	https://github.com/engn33r/awesome-bluetooth-security	Trust: 0.1
title:	-	url:	https://github.com/JeffroMF/awesome-bluetooth-security321	Trust: 0.1

sources: VULMON: CVE-2019-17519 // JVNDB: JVNDB-2019-014660

EXTERNAL IDS

db:	NVD	id:	CVE-2019-17519	Trust: 2.6
db:	ICS CERT ALERT	id:	ICS-ALERT-20-063-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-014660	Trust: 0.8
db:	CNNVD	id:	CNNVD-202002-704	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2019-17519	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-17519 // JVNDB: JVNDB-2019-014660 // CNNVD: CNNVD-202002-704 // NVD: CVE-2019-17519

REFERENCES

url:	https://asset-group.github.io/disclosures/sweyntooth/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17519	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17519	Trust: 0.8
url:	https://www.us-cert.gov/ics/alerts/ics-alert-20-063-01	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2019-17519	Trust: 0.1
url:	https://github.com/matheus-garbelini/sweyntooth_bluetooth_low_energy_attacks	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-17519 // JVNDB: JVNDB-2019-014660 // CNNVD: CNNVD-202002-704 // NVD: CVE-2019-17519

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2019-17519
db:	JVNDB	id:	JVNDB-2019-014660
db:	CNNVD	id:	CNNVD-202002-704
db:	NVD	id:	CVE-2019-17519

LAST UPDATE DATE

2025-01-30T21:04:40.927000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-17519	date:	2022-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-014660	date:	2020-03-26T00:00:00
db:	CNNVD	id:	CNNVD-202002-704	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2019-17519	date:	2024-11-21T04:32:25.940

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-17519	date:	2020-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-014660	date:	2020-03-06T00:00:00
db:	CNNVD	id:	CNNVD-202002-704	date:	2020-02-12T00:00:00
db:	NVD	id:	CVE-2019-17519	date:	2020-02-12T19:15:14.047