CVE-2022-46403

moderate-risk
Published 2022-12-19

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.

Do I need to act?

-
0.30% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10 High
NETWORK / LOW complexity

Affected Products (9)

Bm78 Firmware
Bm83 Firmware
Rn4870 Firmware
Rn4871 Firmware
Bm70 Firmware
Bm71 Firmware
Pic Lightblue Explorer Demo Firmware
Is1871 Firmware
Is1870 Firmware

Affected Vendors

Microchip

References (8)

Product https://microchip.com
Exploit https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
Third Party Advisory https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG
Vendor Advisory https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerab...
Product https://microchip.com
Exploit https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
Third Party Advisory https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG
Vendor Advisory https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerab...
45
/ 100
moderate-risk
Severity 29/34 · Critical
Exploitability 1/34 · Minimal
Exposure 15/34 · Moderate