PT-2020-12949 · Cypress · Cypress Psoc Creator Ble

Published 2020-06-09 · Updated 2020-06-22 · CVE-2020-11957

CVSS v3.1: 7.5 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cypress PSoC Creator BLE 4.2 component versions prior to 3.64

Description
The Bluetooth Low Energy implementation generates a random number with significantly less entropy than specified during BLE pairing, allowing an attacker in radio range to perform a man-in-the-middle (MITM) attack. This issue affects both authenticated and unauthenticated pairing with LE Secure Connections and LE Legacy Pairing.

Recommendations
For versions prior to 3.64, update to version 3.64 or later to resolve the issue. As a temporary workaround, consider restricting BLE pairing to trusted devices and environments to minimize the risk of exploitation.


Weakness Enumeration

Related Identifiers

CVE-2020-11957

Affected Products

Cypress Psoc Creator Ble