Lucene search

[email protected]NVD:CVE-2022-46401

HistoryDec 19, 2022 - 11:15 p.m.

CVE-2022-46401

2022-12-1923:15:11

[email protected]

web.nvd.nist.gov

microchip

rn4870

firmware

vulnerability

pairing

cve-2022-46401

CVSS3

5.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

24.2%

JSON

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.

Affected configurations

Nvd

Node

microchipbm78_firmwareMatch1.43

AND

microchipbm78Match-

Node

microchipbm83_firmwareMatch1.43

AND

microchipbm83Match-

Node

microchiprn4870_firmwareMatch1.43

AND

microchiprn4870Match-

Node

microchiprn4871_firmwareMatch1.43

AND

microchiprn4871Match-

Node

microchipbm70_firmwareMatch1.43

AND

microchipbm70Match-

Node

microchipbm71_firmwareMatch1.43

AND

microchipbm71Match-

Node

microchippic_lightblue_explorer_demo_firmwareMatch4.2_dt100112

AND

microchippic_lightblue_explorer_demoMatch-

Node

microchippic32cx1012bz25048_firmwareMatch-

AND

microchippic32cx1012bz25048Match-

Node

microchipwbz451_firmwareMatch-

AND

microchipwbz451Match-

Node

microchiprn4678_firmwareMatch1.43

AND

microchiprn4678Match-

Node

microchipbm77_firmwareMatch1.43

AND

microchipbm77Match-

Node

microchipbm64_firmwareMatch1.43

AND

microchipbm64Match-

VendorProductVersionCPE
microchipbm78_firmware1.43cpe:2.3:o:microchip:bm78_firmware:1.43:*:*:*:*:*:*:*
microchipbm78-cpe:2.3:h:microchip:bm78:-:*:*:*:*:*:*:*
microchipbm83_firmware1.43cpe:2.3:o:microchip:bm83_firmware:1.43:*:*:*:*:*:*:*
microchipbm83-cpe:2.3:h:microchip:bm83:-:*:*:*:*:*:*:*
microchiprn4870_firmware1.43cpe:2.3:o:microchip:rn4870_firmware:1.43:*:*:*:*:*:*:*
microchiprn4870-cpe:2.3:h:microchip:rn4870:-:*:*:*:*:*:*:*
microchiprn4871_firmware1.43cpe:2.3:o:microchip:rn4871_firmware:1.43:*:*:*:*:*:*:*
microchiprn4871-cpe:2.3:h:microchip:rn4871:-:*:*:*:*:*:*:*
microchipbm70_firmware1.43cpe:2.3:o:microchip:bm70_firmware:1.43:*:*:*:*:*:*:*
microchipbm70-cpe:2.3:h:microchip:bm70:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microchip	bm78_firmware	1.43	cpe:2.3:o:microchip:bm78_firmware:1.43:::::::*
microchip	bm78	-	cpe:2.3:h:microchip:bm78:-:::::::*
microchip	bm83_firmware	1.43	cpe:2.3:o:microchip:bm83_firmware:1.43:::::::*
microchip	bm83	-	cpe:2.3:h:microchip:bm83:-:::::::*
microchip	rn4870_firmware	1.43	cpe:2.3:o:microchip:rn4870_firmware:1.43:::::::*
microchip	rn4870	-	cpe:2.3:h:microchip:rn4870:-:::::::*
microchip	rn4871_firmware	1.43	cpe:2.3:o:microchip:rn4871_firmware:1.43:::::::*
microchip	rn4871	-	cpe:2.3:h:microchip:rn4871:-:::::::*
microchip	bm70_firmware	1.43	cpe:2.3:o:microchip:bm70_firmware:1.43:::::::*
microchip	bm70	-	cpe:2.3:h:microchip:bm70:-:::::::*

Rows per page:

1-10 of 241

References

microchip.com

www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM

www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG

www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le

CVSS3

5.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

24.2%

JSON

Related for NVD:CVE-2022-46401

prion1 cvelist1 cve1