Vulnerabilities > CVE-2020-13595 - Reachable Assertion vulnerability in Espressif Esp-Idf

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

espressif

CWE-617

NVD

Published: 2020-08-31

Updated: 2020-09-08

Summary

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.

Vulnerable Configurations

Part	Description	Count
Application	Espressif Espressif ESP IDF 4.0.0 Espressif ESP IDF 4.0.1 Espressif ESP IDF 4.0.2 Espressif ESP IDF 4.0.3 Espressif ESP IDF 4.1 Espressif ESP IDF 4.1.1 Espressif ESP IDF 4.1.2 Espressif ESP IDF 4.1.3 Espressif ESP IDF 4.2	15
Hardware	Espressif Espressif Esp32 -	1

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References