Strix
26.1K

CVE-2019-19194

HIGHCVSS 8.8/10EPSS 1.00%

Last modified

CVE-2019-19194 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK.. EPSS estimates a 1.00% chance of exploitation in the next 30 days.

Description

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.00%

58.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
Telink-SemiTlsr8258 Ble Sdk<= 3.4.0
Telink-SemiTlsr8269 Ble Sdk<= 3.3
Telink-SemiTlsr8253 Ble Sdk<= 3.4.0
Telink-SemiTlsr8251 Ble Sdk<= 3.4.0
Telink-SemiTlsr8232 Ble Sdk<= 1.3.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-19194?
The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK.
How severe is CVE-2019-19194?
CVE-2019-19194 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.00% probability of exploitation in the next 30 days.
How do I fix CVE-2019-19194?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-19194?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST