CVE-2021-37604:Microchip MiWi Software Frame Counter Validation Vulnerability

splash
Back

Description Preview

In Microchip MiWi software version 6.5 and all previous versions (including legacy products), there is a critical security vulnerability where frame counters are validated and updated before message authentication is performed. This flaw allows attackers to manipulate frame counter values by injecting messages with large frame counter values and invalid payloads, potentially causing denial of service conditions or enabling replay attacks against the network.

Overview

This vulnerability (CVE-2021-37604) affects the Microchip MiWi wireless protocol stack, which is commonly used in IoT and embedded devices for sub-GHz wireless communications. The issue stems from an improper sequence of operations in the protocol implementation where frame counter validation occurs before message authentication. This incorrect sequence creates two significant security issues:

  1. An attacker can inject messages with artificially high frame counter values and invalid payloads, causing legitimate devices to update their frame counter expectations. This can lead to denial of service as legitimate messages with normal frame counter values would then be rejected as "old" or "replayed."

  2. The vulnerability also enables potential replay attacks against the network, where previously captured valid messages could be retransmitted and accepted by receiving devices.

This vulnerability is categorized as CWE-670 (Always-Incorrect Control Flow Implementation), reflecting how the improper sequence of security checks fundamentally undermines the protocol's security model.

Remediation

Users of Microchip MiWi software should take the following actions:

  1. Update to the latest version of the Advanced Software Framework (ASF) that contains the patched MiWi implementation. The fixed version is available in ASF 3.50.0.100 or later.

  2. If immediate updating is not possible, consider implementing additional security controls at the application layer to validate message authenticity and freshness.

  3. Monitor network traffic for unusual patterns that might indicate exploitation attempts, such as sudden increases in frame counter values or unexpected communication patterns.

  4. For critical deployments, consider implementing network segmentation to isolate MiWi-based devices from potential attackers.

  5. Consult the Microchip MiWi Software Vulnerability Response page for specific guidance related to your implementation.

References

  1. ASF Release Notes 3.50.0.100: https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-readme.pdf

  2. Advanced Software Framework Downloads: https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads

  3. MiWi Software Vulnerability Response: https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability

  4. MiWi Protocol Information: https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protocol

  5. Microchip Product Change Notifications: https://www.microchip.com/product-change-notifications/#/

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services
    Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  4. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  5. Construction
    Construction
  6. Educational Services
    Educational Services
  7. Finance and Insurance
    Finance and Insurance
  8. Health Care & Social Assistance
    Health Care & Social Assistance
  9. Information
    Information
  10. Management of Companies & Enterprises
    Management of Companies & Enterprises
  11. Manufacturing
    Manufacturing
  12. Mining
    Mining
  13. Other Services (except Public Administration)
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  15. Public Administration
    Public Administration
  16. Real Estate Rental & Leasing
    Real Estate Rental & Leasing
  17. Retail Trade
    Retail Trade
  18. Transportation & Warehousing
    Transportation & Warehousing
  19. Utilities
    Utilities
  20. Wholesale Trade
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background
Armis Vulnerability Intelligence Database