Lucene search

[email protected]NVD:CVE-2022-46402

HistoryDec 19, 2022 - 11:15 p.m.

CVE-2022-46402

2022-12-1923:15:11

CWE-354

[email protected]

web.nvd.nist.gov

microchip

rn4870

firmware

vulnerability

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

22.1%

JSON

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.

Affected configurations

NVD

Node

microchipbm78_firmwareMatch1.43

AND

microchipbm78Match-

Node

microchipbm83_firmwareMatch1.43

AND

microchipbm83Match-

Node

microchiprn4870_firmwareMatch1.43

AND

microchiprn4870Match-

Node

microchiprn4871_firmwareMatch1.43

AND

microchiprn4871Match-

Node

microchipbm70_firmwareMatch1.43

AND

microchipbm70Match-

Node

microchipbm71_firmwareMatch1.43

AND

microchipbm71Match-

Node

microchippic_lightblue_explorer_demo_firmwareMatch4.2_dt100112

AND

microchippic_lightblue_explorer_demoMatch-

Node

microchipis1870_firmwareMatch1.43

AND

microchipis1870Match-

Node

microchipis1871_firmwareMatch1.43

AND

microchipis1871Match-

References

microchip.com

www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM

www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG

www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

22.1%

JSON

Related for NVD:CVE-2022-46402

prion1 cvelist1 cve1