Risk | Low |
Patch available | NO |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2020-26555 CVE-2020-26560 CVE-2020-26559 CVE-2020-26557 CVE-2020-26556 CVE-2020-26558 |
CWE-ID | CWE-284 CWE-254 CWE-287 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software |
Bluetooth Core Specification Other software / Other software solutions Bluetooth Mesh profile Other software / Other software solutions |
Vendor | Bluetooth SIG, Inc. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU53578
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26555
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the Bluetooth legacy BR/EDR PIN code pairing. An attacker with physical access can spoof the BD_ADDR of the peer device and complete pairing without knowledge of the PIN.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBluetooth Core Specification: - - 5.2
CPE2.3https://kb.cert.org/vuls/id/799380
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53585
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26560
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to an impersonation in the Mesh Provisioning procedure flaw. A remote attacker on the local network can spoof a device being provisioned, authenticate without the AuthValue and perform any operation permitted to a node provisioned on the subnet.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBluetooth Mesh profile: 1.0 - 1.0.1
CPE2.3https://kb.cert.org/vuls/id/799380
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53583
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26559
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the leak of AuthValue in the Mesh Provisioning procedure. A remote attacker on the local network can perform a brute-force attack to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBluetooth Mesh profile: 1.0 - 1.0.1
CPE2.3https://kb.cert.org/vuls/id/799380
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53582
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26557
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the use of predictable AuthValue in the Mesh Provisioning procedure. A remote attacker on the local network can perform a brute-force attack to obtain the AuthValue and authenticate to both the Provisioner and provisioned devices.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBluetooth Mesh profile: 1.0 - 1.0.1
CPE2.3https://kb.cert.org/vuls/id/799380
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53581
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26556
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to a flaw in the authentication protocol. An attacker with physical access can identify the AuthValue used before the provisioning procedure times out, complete the provisioning operation and obtain a NetKey.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBluetooth Mesh profile: 1.0 - 1.0.1
CPE2.3https://kb.cert.org/vuls/id/799380
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53580
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to the issue within the Authentication of the Bluetooth LE legacy pairing protocol. An attacker with physical access can reflect the confirmation and random numbers of a peer device in LE legacy pairing to successfully complete legacy authentication phase 2 without knowledge of the temporary key (TK).
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBluetooth Core Specification: - - 5.2
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53579
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26558
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an impersonation in the Passkey Entry protocol flaw. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.
Note: This vulnerability affects the following specifications:
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBluetooth Core Specification: - - 5.2
CPE2.3https://kb.cert.org/vuls/id/799380
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.