Attribute Read Permission with LE Secure Connection Encryption
CVE-2024-1638

8.2 HIGH

Key Information:

CVE Published: 19 February 2024

What is CVE-2024-1638?

The vulnerability in the Bluetooth characteristic permissions of Zephyr RTOS arises from a failure to enforce proper access controls when certain permissions are not configured. Specifically, the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC settings are intended to ensure that read and write operations on Bluetooth characteristics require LE Secure Connections. However, this security measure is rendered ineffective if other necessary permissions, such as BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN for reading or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN for writing, are not also enabled. As a result, without these additional permission checks, an attacker could potentially exploit this oversight to gain unauthorized access to sensitive data through unrestricted read or write capabilities, even when secure connections are in operation.
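An added example, not Zephyr's code and not part of the advisory: a small C audit helper that flags permission masks where BT_GATT_PERM_READ_LESC or BT_GATT_PERM_WRITE_LESC is set without the companion ENCRYPT/AUTHEN bit the description says is needed for the check to take effect. The bit positions, struct attr_entry, the finding flags and the sample table are assumptions constructed for this stand-alone example.

```c
#include <stdint.h>
#include <stdio.h>
/* Permission bits named in the advisory. Bit positions are assumed for this
 * stand-alone example; in firmware use the definitions from Zephyr's headers. */
#define BT_GATT_PERM_READ_ENCRYPT  (1u << 2)
#define BT_GATT_PERM_WRITE_ENCRYPT (1u << 3)
#define BT_GATT_PERM_READ_AUTHEN   (1u << 4)
#define BT_GATT_PERM_WRITE_AUTHEN  (1u << 5)
#define BT_GATT_PERM_READ_LESC     (1u << 7)
#define BT_GATT_PERM_WRITE_LESC    (1u << 8)

#define LESC_READ_UNENFORCED  0x1u /* READ_LESC without READ_ENCRYPT/READ_AUTHEN */
#define LESC_WRITE_UNENFORCED 0x2u /* WRITE_LESC without WRITE_ENCRYPT/WRITE_AUTHEN */

struct attr_entry { const char *name; uint16_t perm; }; /* hypothetical audit row */

/* Constructed sample table, not taken from any real firmware. */
const struct attr_entry SAMPLE[] = {
    { "lesc_only_read",    BT_GATT_PERM_READ_LESC },
    { "lesc_with_encrypt", BT_GATT_PERM_READ_LESC | BT_GATT_PERM_READ_ENCRYPT },
    { "lesc_only_rw",      BT_GATT_PERM_READ_LESC | BT_GATT_PERM_WRITE_LESC },
};

/* Findings for one permission mask: LESC bits set without a companion bit. */
unsigned audit_lesc_perm(uint16_t perm)
{
    unsigned f = 0;
    if ((perm & BT_GATT_PERM_READ_LESC) &&
        !(perm & (BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_READ_AUTHEN)))
        f |= LESC_READ_UNENFORCED;
    if ((perm & BT_GATT_PERM_WRITE_LESC) &&
        !(perm & (BT_GATT_PERM_WRITE_ENCRYPT | BT_GATT_PERM_WRITE_AUTHEN)))
        f |= LESC_WRITE_UNENFORCED;
    return f;
}

/* Prints each affected attribute in a table and returns how many there are. */
int audit_table(const struct attr_entry *t, int n)
{
    int hits = 0;
    for (int i = 0; i < n; i++) {
        unsigned f = audit_lesc_perm(t[i].perm);
        if (f == 0) continue;
        hits++;
        printf("%s: perm=0x%03x findings=0x%x\n", t[i].name, (unsigned)t[i].perm, f);
    }
    return hits;
}

int main(void) { return audit_table(SAMPLE, 3) == 2 ? 0 : 1; }
```

On affected versions, each flagged attribute needs the matching ENCRYPT or AUTHEN permission added alongside the LESC bit.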

Affected Version(s)

Zephyr * <= 3.5

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
