CVE-2020-26559

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.

CVSS v3 8.8 HIGH
CVSS v2.0 5.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://kb.cert.org/vuls/id/799380	Third Party Advisory US Government Resource
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bluetooth:mesh_profile:1.0.0:::::::*
	cpe:2.3:a:bluetooth:mesh_profile:1.0.1:::::::*

History

03 Jun 2021, 17:25

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.8 v3 : 8.8
References	~~(MISC) https://kb.cert.org/vuls/id/799380 -~~	(MISC) https://kb.cert.org/vuls/id/799380 - Third Party Advisory, US Government Resource
References	~~(MISC) https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ -~~	(MISC) https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ - Vendor Advisory
CWE		CWE-863
CPE		cpe:2.3:a:bluetooth:mesh_profile:1.0.0:::::::* cpe:2.3:a:bluetooth:mesh_profile:1.0.1:::::::*

24 May 2021, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-05-24 18:15

Updated : 2023-12-10 13:55

NVD link : CVE-2020-26559

Mitre link : CVE-2020-26559

CVE.ORG link : CVE-2020-26559

JSON object : View

Products Affected

bluetooth

mesh_profile

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2020-26559", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-05-24T18:15:07.960", "references": [{"url": "https://kb.cert.org/vuls/id/799380", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner\u2019s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue."}, {"lang": "es", "value": "El Bluetooth Mesh Provisioning en el perfil de Bluetooth Mesh versiones 1.0 y 1.0.1, puede permitir a un dispositivo cercano (que participe en el protocolo de aprovisionamiento) identificar el AuthValue usado dada la clave p\u00fablica del Provisionador y el n\u00famero de confirmaci\u00f3n y el nonce proporcionado por el dispositivo de aprovisionamiento. Esto podr\u00eda permitir a un dispositivo sin AuthValue completar el aprovisionamiento sin forzar el AuthValue por fuerza bruta"}], "lastModified": "2021-06-03T17:25:36.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bluetooth:mesh_profile:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "851ACDD0-CD31-4CEC-AD23-C57C68178352"}, {"criteria": "cpe:2.3:a:bluetooth:mesh_profile:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4959D86-09FD-4C6A-AA52-7667FA9EC4BD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}