Vulnerability Details CVE-2021-28139
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 8.3
References
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
- https://github.com/espressif/esp-idf
- https://github.com/espressif/esp32-bt-lib
- https://www.espressif.com/en/products/socs/esp32
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
- https://github.com/espressif/esp-idf
- https://github.com/espressif/esp32-bt-lib
- https://www.espressif.com/en/products/socs/esp32
Products affected by CVE-2021-28139
-
cpe:2.3:a:espressif:esp-idf:0.9
-
cpe:2.3:a:espressif:esp-idf:1.0
-
cpe:2.3:a:espressif:esp-idf:2.0
-
cpe:2.3:a:espressif:esp-idf:2.0.0
-
cpe:2.3:a:espressif:esp-idf:2.1
-
cpe:2.3:a:espressif:esp-idf:2.1.1
-
cpe:2.3:a:espressif:esp-idf:3.0
-
cpe:2.3:a:espressif:esp-idf:3.0.1
-
cpe:2.3:a:espressif:esp-idf:3.0.2
-
cpe:2.3:a:espressif:esp-idf:3.0.3
-
cpe:2.3:a:espressif:esp-idf:3.0.4
-
cpe:2.3:a:espressif:esp-idf:3.0.5
-
cpe:2.3:a:espressif:esp-idf:3.0.6
-
cpe:2.3:a:espressif:esp-idf:3.0.7
-
cpe:2.3:a:espressif:esp-idf:3.0.8
-
cpe:2.3:a:espressif:esp-idf:3.0.9
-
cpe:2.3:a:espressif:esp-idf:3.1
-
cpe:2.3:a:espressif:esp-idf:3.1.1
-
cpe:2.3:a:espressif:esp-idf:3.1.2
-
cpe:2.3:a:espressif:esp-idf:3.1.3
-
cpe:2.3:a:espressif:esp-idf:3.1.4
-
cpe:2.3:a:espressif:esp-idf:3.1.5
-
cpe:2.3:a:espressif:esp-idf:3.1.6
-
cpe:2.3:a:espressif:esp-idf:3.1.7
-
cpe:2.3:a:espressif:esp-idf:3.2
-
cpe:2.3:a:espressif:esp-idf:3.2.1
-
cpe:2.3:a:espressif:esp-idf:3.2.2
-
cpe:2.3:a:espressif:esp-idf:3.2.3
-
cpe:2.3:a:espressif:esp-idf:3.3
-
cpe:2.3:a:espressif:esp-idf:3.3.1
-
cpe:2.3:a:espressif:esp-idf:3.3.2
-
cpe:2.3:a:espressif:esp-idf:3.3.3
-
cpe:2.3:a:espressif:esp-idf:3.3.4
-
cpe:2.3:a:espressif:esp-idf:4.0
-
cpe:2.3:a:espressif:esp-idf:4.0.0
-
cpe:2.3:a:espressif:esp-idf:4.0.1
-
cpe:2.3:a:espressif:esp-idf:4.0.2
-
cpe:2.3:a:espressif:esp-idf:4.0.3
-
cpe:2.3:a:espressif:esp-idf:4.1
-
cpe:2.3:a:espressif:esp-idf:4.1.1
-
cpe:2.3:a:espressif:esp-idf:4.1.2
-
cpe:2.3:a:espressif:esp-idf:4.1.3
-
cpe:2.3:a:espressif:esp-idf:4.2
-
cpe:2.3:a:espressif:esp-idf:4.2.1
-
cpe:2.3:a:espressif:esp-idf:4.2.2
-
cpe:2.3:a:espressif:esp-idf:4.2.3
-
cpe:2.3:a:espressif:esp-idf:4.3
-
cpe:2.3:a:espressif:esp-idf:4.3.2
-
cpe:2.3:a:espressif:esp-idf:4.4
-
cpe:2.3:h:espressif:esp32:-