CVE-2020-26557

CVE-2020-26557

Name

CVE-2020-26557

Description

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://kb.cert.org/vuls/id/799380
MISC	https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/799380

Type

URI

MISC

https://kb.cert.org/vuls/id/799380

MISC

https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

af854a3a-2127-422b-91ae-364da2661108

https://www.kb.cert.org/vuls/id/799380

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:bluetooth:mesh_profile:1.0.0:::::::*`	mesh_profile	== None	== 1.0.0
`cpe:2.3:a:bluetooth:mesh_profile:1.0.1:::::::*`	mesh_profile	== None	== 1.0.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:bluetooth:mesh_profile:1.0.0:*:*:*:*:*:*:*

mesh_profile

== None

== 1.0.0

cpe:2.3:a:bluetooth:mesh_profile:1.0.1:*:*:*:*:*:*:*

mesh_profile

== None

== 1.0.1

References

Match rules

Vulnerable and fixed packages