Details of VAR-202002-0487

ID

VAR-202002-0487

CVE

CVE-2019-19192

TITLE

STMicroelectronics BLE Stack Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014669

DESCRIPTION

The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets. STMicroelectronics BLE Stack There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2019-19192 // JVNDB: JVNDB-2019-014669 // VULMON: CVE-2019-19192

IOT TAXONOMY

category:

['network device']

sub_category:

bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	st	model:	wb55	scope:	lte	version:	1.3.1	Trust: 1.0
vendor:	st	model:	bluenrg-2	scope:	lte	version:	1.3.1	Trust: 1.0
vendor:	stmicroelectronics	model:	bluenrg-2	scope:	-	version:	-	Trust: 0.8
vendor:	stmicroelectronics	model:	wb55	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-014669 // NVD: CVE-2019-19192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19192
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-014669
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202002-705
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-19192
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-19192
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2019-014669
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2019-19192
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014669
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-19192 // JVNDB: JVNDB-2019-014669 // CNNVD: CNNVD-202002-705 // NVD: CVE-2019-19192

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-014669 // NVD: CVE-2019-19192

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202002-705

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-705

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014669

PATCH

title:	Top Page	url:	https://www.st.com/content/st_com/en.html	Trust: 0.8
title:	sweyntooth_bluetooth_low_energy_attacks	url:	https://github.com/Matheus-Garbelini/sweyntooth_bluetooth_low_energy_attacks	Trust: 0.1
title:	-	url:	https://github.com/sd258sos/bluetooth-security-app	Trust: 0.1
title:	awesome-bluetooth-security	url:	https://github.com/engn33r/awesome-bluetooth-security	Trust: 0.1
title:	-	url:	https://github.com/JeffroMF/awesome-bluetooth-security321	Trust: 0.1

sources: VULMON: CVE-2019-19192 // JVNDB: JVNDB-2019-014669

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19192	Trust: 2.6
db:	ICS CERT ALERT	id:	ICS-ALERT-20-063-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-014669	Trust: 0.8
db:	CNNVD	id:	CNNVD-202002-705	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2019-19192	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-19192 // JVNDB: JVNDB-2019-014669 // CNNVD: CNNVD-202002-705 // NVD: CVE-2019-19192

REFERENCES

url:	https://asset-group.github.io/disclosures/sweyntooth/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19192	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19192	Trust: 0.8
url:	https://www.us-cert.gov/ics/alerts/ics-alert-20-063-01	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/matheus-garbelini/sweyntooth_bluetooth_low_energy_attacks	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-19192 // JVNDB: JVNDB-2019-014669 // CNNVD: CNNVD-202002-705 // NVD: CVE-2019-19192

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2019-19192
db:	JVNDB	id:	JVNDB-2019-014669
db:	CNNVD	id:	CNNVD-202002-705
db:	NVD	id:	CVE-2019-19192

LAST UPDATE DATE

2025-01-30T22:06:53.744000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-19192	date:	2020-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2019-014669	date:	2020-03-27T00:00:00
db:	CNNVD	id:	CNNVD-202002-705	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2019-19192	date:	2024-11-21T04:34:17.740

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-19192	date:	2020-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-014669	date:	2020-03-09T00:00:00
db:	CNNVD	id:	CNNVD-202002-705	date:	2020-02-12T00:00:00
db:	NVD	id:	CVE-2019-19192	date:	2020-02-12T19:15:14.110