CVE-2020-11957

The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing.

CVSS v3 7.5 HIGH
CVSS v2.0 5.4 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 5.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.cypress.com/file/504466/download	Product Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cypress:psoc_4.2_ble:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-09 19:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-11957

Mitre link : CVE-2020-11957

CVE.ORG link : CVE-2020-11957

JSON object : View

Products Affected

cypress

psoc_4.2_ble

CWE

CWE-331

Insufficient Entropy

{"id": "CVE-2020-11957", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.4, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2020-06-09T19:15:10.120", "references": [{"url": "https://www.cypress.com/file/504466/download", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-331"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing."}, {"lang": "es", "value": "La implementaci\u00f3n de Bluetooth Low Energy en el componente Cypress PSoC Creator BLE 4.2 versiones anteriores a 3.64, genera un n\u00famero aleatorio (Pairing Random) con significativamente menos entrop\u00eda que los 128 bits especificados durante el emparejamiento BLE. Este es el caso tanto para el emparejamiento autenticado como para el autenticado con LE Secure Connections y LE Legacy Pairing. Un n\u00famero aleatorio predecible o aplicable de fuerza bruta permite a un atacante (en el alcance del radio) llevar a cabo un ataque MITM durante el emparejamiento BLE"}], "lastModified": "2020-06-22T13:42:04.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cypress:psoc_4.2_ble:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE018035-C831-4D25-8E79-C7DCEC211CE5", "versionEndExcluding": "3.64"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}