Vulnerabilities > CVE-2020-13593 - Incorrect Authorization vulnerability in TI Simplelink-Cc2640R2 Software Development KIT 2.2.3
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |