Denial of Service Vulnerability in Cypress Bluetooth Stack for CYW20735B1
CVE-2021-34147

6.5MEDIUM

Key Information:

Vendor

Cypress

Status
Wireless Internet Connectivity For Embedded Devices
Vendor
CVE Published:
7 September 2021

What is CVE-2021-34147?

The Bluetooth Classic implementation in the Cypress WICED BT stack for the CYW20735B1 device possesses a significant flaw that compromises the handling of malformed LMP timing accuracy responses. This vulnerability can lead to excessive consumption of Bluetooth resources when an attacker sends specially crafted messages in quick succession. By exploiting this weakness, an adversary can trigger repeated reconnections to the link slave, ultimately resulting in system crashes and a denial of service. Devices using versions prior to 2.9.0 of the WICED BT stack are particularly at risk and should be assessed for potential exposure to this threat.

References

https://www.cypress.com/documentation/datasheets/cyw20735...
x_refsource_MISC
https://dl.packetstormsecurity.net/papers/general/braktoo...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2021-34147 : Denial of Service Vulnerability in Cypress Bluetooth Stack for CYW20735B1