Scanner gratuitement
HIGHCVE-2024-1638CVSS 8.2

Bluetooth characteristic LESC security requirement not enforced without additional flags

traduction en cours…

Plateforme

c

Composant

zephyr

Corrigé dans

3.5.1

AI Confidence: highNVDEPSS 0.2%Révisé: mai 2026
Voir sur NVD
Sauvegarder
Traduction vers votre langue…

CVE-2024-1638 is a high-severity vulnerability affecting Zephyr RTOS versions up to 3.5. It stems from an incorrect implementation of Bluetooth Low Energy (BLE) permission handling, specifically concerning LE Secure Connections. This flaw allows unauthorized access to Bluetooth characteristics, potentially leading to data breaches and control compromise. The vulnerability is fixed in version 3.5.1.

Impact et Scénarios d'Attaquetraduction en cours…

The core of the vulnerability lies in the misinterpretation of BLE characteristic permissions. The Zephyr BLE stack incorrectly handles the BTGATTPERMREADLESC and BTGATTPERMWRITELESC flags. While these flags are intended to enforce LE Secure Connections for read and write operations, the stack fails to do so when combined with other permissions like BTGATTPERMREADENCRYPT/BTGATTPERMREADAUTHEN or BTGATTPERMWRITEENCRYPT/BTGATTPERMWRITEAUTHEN. An attacker can exploit this by crafting malicious BLE connections that bypass the intended security measures. This could allow them to read or write sensitive data transmitted over the BLE link without proper encryption or authentication, potentially leading to device compromise and data theft. The blast radius extends to any device utilizing Zephyr's BLE stack in vulnerable configurations.

Contexte d'Exploitationtraduction en cours…

CVE-2024-1638 was publicly disclosed on February 19, 2024. The vulnerability's impact is amplified by the widespread use of BLE in IoT devices. While no public exploits have been released, the ease of exploitation makes it a potential target for attackers. The CVSS score of 8.2 (HIGH) reflects the potential for significant impact. It is not currently listed on the CISA KEV catalog, but its severity warrants monitoring.

Qui Est à Risquetraduction en cours…

Devices utilizing Zephyr RTOS in Bluetooth Low Energy (BLE) applications are at risk. This includes IoT devices, wearables, and industrial control systems that rely on BLE for communication. Legacy Zephyr deployments and those with custom BLE implementations are particularly vulnerable, as they may not have been updated to address this issue.

Étapes de Détectiontraduction en cours…

• linux / server: Examine Zephyr BLE stack logs for unusual connection attempts or permission errors. Use journalctl -u zephyr to filter for BLE-related messages.

journalctl -u zephyr | grep -i "permission denied"

• c: Review Zephyr source code for instances of BTGATTPERMREADLESC and BTGATTPERMWRITELESC to identify potential vulnerable configurations. Use static analysis tools to detect code patterns that violate the intended permission logic. • generic web: Monitor BLE traffic using tools like Wireshark to identify connections that bypass LE Secure Connections. Look for connections where encryption/authentication is not enforced despite the presence of BTGATTPERMREADLESC or BTGATTPERMWRITELESC.

Chronologie de l'Attaque

  1. Disclosure

    disclosure

  2. Patch

    patch

Renseignement sur les Menaces

Statut de l'Exploit

Preuve de ConceptInconnu
CISA KEVNO
Exposition InternetÉlevée

EPSS

0.15% (percentile 36%)

CISA SSVC

Exploitationnone
Automatisableyes
Impact Techniquepartial

Vecteur CVSS

RENSEIGNEMENT SUR LES MENACES· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N8.2HIGHAttack VectorNetworkComment l'attaquant atteint la cibleAttack ComplexityLowConditions requises pour exploiterPrivileges RequiredNoneNiveau d'authentification requisUser InteractionNoneSi une action de la victime est requiseScopeUnchangedImpact au-delà du composant affectéConfidentialityHighRisque d'exposition de données sensiblesIntegrityLowRisque de modification non autorisée de donnéesAvailabilityNoneRisque d'interruption de servicenextguardhq.com · Score de base CVSS v3.1
Que signifient ces métriques?
Attack Vector
Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
Attack Complexity
Faible — aucune condition spéciale requise. Exploitable de manière fiable.
Privileges Required
Aucun — sans authentification. Aucune identifiant requis pour exploiter.
User Interaction
Aucune — attaque automatique et silencieuse. La victime ne fait rien.
Scope
Inchangé — impact limité au composant vulnérable.
Confidentiality
Élevé — perte totale de confidentialité. L'attaquant peut lire toutes les données.
Integrity
Faible — l'attaquant peut modifier certaines données avec un impact limité.
Availability
Aucun — aucun impact sur la disponibilité.

Logiciel Affecté

Composantzephyr
Fournisseurzephyrproject-rtos
Plage affectéeCorrigé dans
* – 3.53.5.1

Classification de Faiblesse (CWE)

CWE-20

Chronologie

  1. Réservé
  2. Publiée
  3. Modifiée
  4. EPSS mis à jour

Mitigation et Contournementstraduction en cours…

The primary mitigation for CVE-2024-1638 is to upgrade to Zephyr RTOS version 3.5.1 or later, which includes the corrected BLE permission handling. If upgrading is not immediately feasible, consider implementing compensating controls. Carefully review BLE characteristic permissions in your application, ensuring that BTGATTPERMREADENCRYPT/BTGATTPERMREADAUTHEN and BTGATTPERMWRITEENCRYPT/BTGATTPERMWRITEAUTHEN are always set alongside BTGATTPERMREADLESC and BTGATTPERMWRITELESC. Consider implementing a Web Application Firewall (WAF) or proxy to filter BLE traffic and block connections that attempt to bypass security checks. After upgrading, confirm the fix by attempting a BLE connection without the required encryption/authentication permissions and verifying that access is denied.

Comment corrigertraduction en cours…

Actualice Zephyr a una versión posterior a 3.5 que incluya la corrección para esta vulnerabilidad. Asegúrese de aplicar las configuraciones de seguridad recomendadas para las características Bluetooth, incluyendo el uso de BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN o BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN junto con BT_GATT_PERM_READ_LESC y BT_GATT_PERM_WRITE_LESC.

Newsletter Sécurité CVE

Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.

Questions fréquentestraduction en cours…

What is CVE-2024-1638 — BLE Vulnerability in Zephyr RTOS?

CVE-2024-1638 is a high-severity vulnerability in Zephyr RTOS affecting BLE characteristic permission handling. It allows unauthorized access to BLE data if versions are ≤3.5.

Am I affected by CVE-2024-1638 in Zephyr RTOS?

If you are using Zephyr RTOS version 3.5 or earlier, you are potentially affected. Upgrade to 3.5.1 to mitigate the risk.

How do I fix CVE-2024-1638 in Zephyr RTOS?

Upgrade to Zephyr RTOS version 3.5.1 or later. Review BLE characteristic permissions and ensure proper encryption/authentication is enforced.

Is CVE-2024-1638 being actively exploited?

While no public exploits are currently known, the vulnerability's ease of exploitation makes it a potential target for attackers.

Where can I find the official Zephyr advisory for CVE-2024-1638?

Refer to the Zephyr Project security advisory for detailed information and updates: https://security.zephyrproject.org/

Ton projet est-il affecté ?

Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.

Scanner gratuitementRechercher des CVE