An impersonation attack vulnerability was found in the Linux kernel’s Bluetooth Mesh Profile implementation. The Mesh Provisioning procedure has a flaw that allows an attacker without knowledge of the AuthValue to spoof a provisioned device and use crafted responses that appear to possess the AuthValue. This issue permits a malicious user to be issued a valid NetKey and potentially an AppKey. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
Vulnerable Product |
---|
bluetooth mesh profile 1.0.0 |
bluetooth mesh profile 1.0.1 |