Home > Vulnerability Database > CVE-2021-31615

Mend.io Vulnerability Database

CVE-2021-31615

Date: June 25, 2021

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.

Severity Score

5.3

Related Resources (5)

Url: https://bluetooth.com

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-31615

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31615

Url: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/

Url: https://www.mend.io/vulnerability-database/CVE-2021-31615

Severity Score

5.3

Weakness Type (CWE)

Inadequate Encryption Strength

CWE-326

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	2.9
Access Vector (AV):	ADJACENT
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-31615

Date: June 25, 2021

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?