CVE-2020-16630

MEDIUM EPSS 47.2%
Published Sep 20, 2021 4y ago · Modified Jun 17, 2026 2w ago
6.8 CVSS 3.1
Medium

Description

TI’s BLE stack caches the security property of the LTK (Long Term Key) for a bonded mobile and reuses it. An LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works, or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generates an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile’s MAC address then uses Just Works to pair with the victim device, the newly generated LTK still carries the authenticated-and-MITM-protection property. The fake mobile can therefore access attributes that require the authenticated read/write permission.
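A minimal C model of the stale-property flaw described above next to a corrected handler, added here as an illustration; it is not TI's code or code from the referenced paper. The `bond_t` record, the handler names and the sample address are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a peripheral's bond table entry (not TI's code). */
typedef enum { PAIR_JUST_WORKS, PAIR_PASSKEY, PAIR_NUMERIC_COMPARISON, PAIR_OOB } pair_method_t;

typedef struct {
    uint8_t addr[6];
    bool    in_use;
    bool    ltk_authenticated; /* "authenticated-and-MITM-protection" property */
} bond_t;

typedef void (*pairing_cb_t)(bond_t *, const uint8_t[6], pair_method_t);

static bool method_is_authenticated(pair_method_t m) { return m != PAIR_JUST_WORKS; }

/* Flawed: a known address keeps the cached property although the LTK is new. */
void on_pairing_complete_flawed(bond_t *b, const uint8_t addr[6], pair_method_t m)
{
    if (b->in_use && memcmp(b->addr, addr, 6) == 0)
        return; /* property left as cached from the earlier pairing */
    memcpy(b->addr, addr, 6);
    b->in_use = true;
    b->ltk_authenticated = method_is_authenticated(m);
}

/* Corrected: the property always comes from the pairing that made this LTK. */
void on_pairing_complete_hardened(bond_t *b, const uint8_t addr[6], pair_method_t m)
{
    memcpy(b->addr, addr, 6);
    b->in_use = true;
    b->ltk_authenticated = method_is_authenticated(m);
}

/* Gate for attributes that require the authenticated read/write permission. */
bool may_access_authenticated_attr(const bond_t *b) { return b->in_use && b->ltk_authenticated; }

/* Secure pairing, then (optionally) a Just Works pairing from the same address. */
bool access_after(pairing_cb_t on_complete, bool repair_with_just_works)
{
    const uint8_t addr[6] = {0xC0, 0xFF, 0xEE, 0x00, 0x00, 0x01}; /* constructed */
    bond_t bond = {0};
    on_complete(&bond, addr, PAIR_PASSKEY);
    if (repair_with_just_works)
        on_complete(&bond, addr, PAIR_JUST_WORKS);
    return may_access_authenticated_attr(&bond);
}
```
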

CVSS Details

Base Score
6.8
Exploitability
1.6
Impact
5.2
Vector string
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector Adjacent
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
47.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-863 Incorrect Authorization

Affected Products 7

Vendor  Product                         Version  Range
ti      15.4-stack                      *        any
ti      ble5-stack                      *        any
ti      dynamic_multi-protocal_manager  *        any
ti      easylink                        *        any
ti      openthread                      *        any
ti      z-stack                         *        any
ti      real-time_operating_system      *        any

References 2

  • software-dl.ti.com http://software-dl.ti.com/simplelink/esd/simplelink_cc13x2_26x2_sdk/3.20.00.68/exports/changelog.html
    Vendor Advisory
  • usenix.org https://www.usenix.org/system/files/sec20-zhang-yue.pdf
    Exploit, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.