Lucene search

[email protected]NVD:CVE-2022-46400

HistoryDec 19, 2022 - 11:15 p.m.

CVE-2022-46400

2022-12-1923:15:10

[email protected]

web.nvd.nist.gov

microchip

rn4870

firmware

vulnerability

passkey entry

pairing

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.001 Low

EPSS

Percentile

25.0%

JSON

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.

Affected configurations

NVD

Node

microchipbm78_firmwareMatch1.43

AND

microchipbm78Match-

Node

microchipbm83_firmwareMatch1.43

AND

microchipbm83Match-

Node

microchiprn4870_firmwareMatch1.43

AND

microchiprn4870Match-

Node

microchiprn4871_firmwareMatch1.43

AND

microchiprn4871Match-

Node

microchipbm70_firmwareMatch1.43

AND

microchipbm70Match-

Node

microchipbm71_firmwareMatch1.43

AND

microchipbm71Match-

Node

microchippic_lightblue_explorer_demo_firmwareMatch4.2_dt100112

AND

microchippic_lightblue_explorer_demoMatch-

Node

microchipis1870_firmwareMatch1.43

AND

microchipis1870Match-

Node

microchipis1871_firmwareMatch1.43

AND

microchipis1871Match-

References

microchip.com

www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM

www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG

www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for NVD:CVE-2022-46400

cve1 prion1 cvelist1