CVE-2020-26559
 
Exploited in Wild: 0
Descriptions
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.
Timeline
- 2020-10-04 CVE Reserved
- 2021-05-24 CVE Published
- 2024-02-07 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-863: Incorrect Authorization
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Bluetooth | Mesh Profile | 1.0.0 | - | Affected
Bluetooth | Mesh Profile | 1.0.1 | - | Affected