PT-2021-11247 · Unknown · Bluetooth Mesh

Published: 2021-05-24 · Updated: 2025-08-30 · CVE-2020-26557
CVSS v3.1: 7.5 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Bluetooth Mesh profile versions 1.0 and 1.0.1
Description: The issue allows a nearby device to potentially determine the AuthValue used in the provisioning protocol via a brute-force attack, unless the AuthValue is sufficiently random and changed each time.
Recommendations: For Bluetooth Mesh profile versions 1.0 and 1.0.1, ensure the AuthValue is sufficiently random and changed each time to mitigate the risk.

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2020-26557

Affected Products: Bluetooth Mesh