CVE-2018-20378

HIGH

OpenSynergy Blue SDK 3.2-6.0 - Unauthenticated Remote Code Execution via Malicious L2CAP Configuration Requests

Title source: llm
STIX 2.1

Description

The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.cymotive.com/wp-content/uploads/2019/03/Hell2CAP-0day.pdf

Scores

CVSS v3 7.5
EPSS 0.0226
EPSS Percentile 80.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
opensynergy/blue_sdk 3.2 - 5.5.3
Published Mar 29, 2019
Tracked Since Feb 18, 2026