Message Integrity Check Vulnerability in Microchip MiWi Software
CVE-2021-37605

7.5HIGH

Key Information:

Vendor

Microchip

Status
Miwi
Vendor
CVE Published:
5 August 2021

What is CVE-2021-37605?

In version 6.5 of Microchip's MiWi software, as well as all prior versions, a significant issue has been identified concerning the validation of Message Integrity Check (MIC) bytes. The software currently only validates two out of the expected four MIC bytes, rendering it susceptible to integrity verification failures. This compromised validation process can potentially allow attackers to interfere with the integrity of the communications within supported devices, thereby undermining the security of wireless protocols utilizing this software.

References

https://www.microchip.com/product-change-notifications/#/
x_refsource_MISC
https://www.microchip.com/en-us/products/wireless-connect...
x_refsource_MISC
https://ww1.microchip.com/downloads/en/DeviceDoc/asf-rele...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-37605 : Message Integrity Check Vulnerability in Microchip MiWi Software