Unresponsive Firmware in Microchip RN4870 Module and PIC LightBlue Explorer Demo
CVE-2022-46399

7.5 HIGH

Key Information:

Vendor: Microchip
CVE Published: 19 December 2022

What is CVE-2022-46399?

The Microchip RN4870 module's firmware version 1.43 and the PIC LightBlue Explorer Demo 4.2 DT100112 exhibit a problematic behavior where the module becomes unresponsive due to the ConReqTimeoutZero condition. This flaw may hinder connectivity and operational efficiency, presenting risks for devices relying on stable Bluetooth LE communications. It is crucial for users to be aware of this behavior and implement necessary mitigations to maintain device reliability.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
