ID CVE-2020-26560
Summary Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.
References
Vulnerable Configurations
  • cpe:2.3:a:bluetooth:mesh_profile:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bluetooth:mesh_profile:1.0.1:*:*:*:*:*:*:*
CVSS
Base: 4.8 (as of 03-06-2021 - 17:12)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
Vector: ADJACENT_NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:A/AC:L/Au:N/C:P/I:P/A:N
Last major update 03-06-2021 - 17:12
Published 24-05-2021 - 18:15
Last modified 03-06-2021 - 17:12