ID | CVE-2019-9506 |
Summary |
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. |
References |
|
Vulnerable Configurations |
- cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
- cpe:2.3:h:blackberry:blackberry:-:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:12.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.12.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.13.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:12.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:5.3:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.8 (as of 28-08-2019 - 11:15) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-310 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
ADJACENT_NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | PARTIAL | NONE |
|
cvss-vector via4 | AV:A/AC:L/Au:N/C:P/I:P/A:N |
redhat
via4
|
|
refmap via4 |
cert-vn | VU#918987 |
confirm | |
fulldisc |
- 20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
- 20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4
- 20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3
- 20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4
misc | |
mlist |
- [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update
- [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
suse |
- openSUSE-SU-2019:2307
- openSUSE-SU-2019:2308
ubuntu |
- USN-4115-1
- USN-4118-1
- USN-4147-1
|
|
Last major update | 28-08-2019 - 11:15 |
Published | 14-08-2019 - 17:15 |
Last modified | 28-08-2019 - 11:15 |