CVE-2020-26559

Published: 24/05/2021 Updated: 03/06/2021
CVSS v2 Base Score: 5.8 | Impact Score: 6.4 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 517
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.

Vulnerable Product

bluetooth mesh profile 1.0.0

bluetooth mesh profile 1.0.1

Vendor Advisories

Debian Bug report logs - #1006406 BlueMirror mesh attacks - CVE-2020-26556, CVE-2020-26557, CVE-2020-26559, CVE-2020-26560 Package: src:bluez; Maintainer for src:bluez is Debian Bluetooth Maintainers <team+pkg-bluetooth@tracker.debian.org>; Reported by: Ben Hutchings <ben@decadent.org.uk> Date: Fri, 25 Feb 2022 02:30: ...

A flaw was found in the Linux kernel’s Bluetooth Mesh Profile implementation. The Mesh Provisioning procedure has a vulnerability that allows an attacker that was provisioned without access to the AuthValue to identify the AuthValue directly, without brute-forcing its value. Even when a randomly generated AuthValue with a full 128-bits of ...

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner's public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete pro ...