Thedjnk

**Name of the Vulnerable Software and Affected Versions** Bluetooth (affected versions not specified) **Description** The issue concerns the `BT GATT PERM READ LESC` and `BT GATT PERM WRITE LESC` defines for a Bluetooth characteristic, which specify attribute read/write permission with LE Secure Connection encryption. When set, these permissions require LE Secure Connections for read/write access, but only when combined with other permissions, such as `BT GATT PERM READ ENCRYPT`/`BT GATT PERM READ AUTHEN` for read or `BT GATT PERM WRITE ENCRYPT`/`BT GATT PERM WRITE AUTHEN` for write. If these additional permissions are not set, even in secure connections only mode, the stack does not perform permission checks on these characteristics, allowing them to be freely written or read. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.