Vulnerability Details CVE-2019-15948
Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.084
EPSS Ranking 91.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 5.8
References
- https://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/856161
- https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/ti_wl18xx_adv_rce.py
- https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs
- https://www.linkedin.com/in/veronica-kovah-2587185
- https://www.youtube.com/watch?v=bk5lOxieqbA
- https://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/856161
- https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/ti_wl18xx_adv_rce.py
- https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs
- https://www.linkedin.com/in/veronica-kovah-2587185
- https://www.youtube.com/watch?v=bk5lOxieqbA
Products affected by CVE-2019-15948
-
cpe:2.3:h:ti:cc256xb-bt-sp:-
-
cpe:2.3:h:ti:cc256xc-bt-sp:-
-
cpe:2.3:h:ti:wl18xx-bt-sp:-
-
cpe:2.3:o:ti:cc256xb-bt-sp_firmware:1.8
-
cpe:2.3:o:ti:cc256xc-bt-sp_firmware:*
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:3.2
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:3.3
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:3.4
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:3.5
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:3.6
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:3.6.1
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:3.7
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:3.8
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:3.9
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:4.2
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:4.3
-
cpe:2.3:o:ti:wl18xx-bt-sp_firmware:4.4