Cyber Resilience

CVE-2021-28139

High

Published: 07 September 2021

Published
07 September 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0117 79.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-28139 is a high-severity an unspecified weakness vulnerability in Espressif Esp-Idf. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 20.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a…

more

crafted Extended Features bitfield payload.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

espressif
esp-idf
≤ 4.4

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References