CVE-2020-26560

Name
CVE-2020-26560
Description
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://kb.cert.org/vuls/id/799380
MISC https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:bluetooth:mesh_profile:1.0.0:*:*:*:*:*:*:* mesh_profile == None == 1.0.0
cpe:2.3:a:bluetooth:mesh_profile:1.0.1:*:*:*:*:*:*:* mesh_profile == None == 1.0.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status