Unresponsive Firmware in Microchip RN4870 Module and PIC LightBlue Explorer Demo
CVE-2022-46399

7.5HIGH

Key Information:

Vendor: Microchip
Status: Bm78 Firmware
Vendor: CVE Published:; 19 December 2022

What is CVE-2022-46399?

The Microchip RN4870 module's firmware version 1.43 and the PIC LightBlue Explorer Demo 4.2 DT100112 exhibit a problematic behavior where the module becomes unresponsive due to the ConReqTimeoutZero condition. This flaw may hinder connectivity and operational efficiency, presenting risks for devices relying on stable Bluetooth LE communications. It is crucial for users to be aware of this behavior and implement necessary mitigations to maintain device reliability.

References

https://www.computer.org/csdl/proceedings/sp/2023/1He7WWu...

https://www.computer.org/csdl/proceedings-article/sp/2023...

https://microchip.com

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2022
Vulnerability Reserved
Dec 4, 2022