CVE-2020-26559

EPSS 1.18%
Veröffentlicht 24.05.2021 18:15:07
Zuletzt bearbeitet 21.11.2024 05:20:04
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bluetooth ≫ Mesh Profile Version1.0.0

Bluetooth ≫ Mesh Profile Version1.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.18%	0.779

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://kb.cert.org/vuls/id/799380

Third Party Advisory

US Government Resource

https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-26559

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-26559

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-26559

EUVD