CVE-2022-25836

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.

El emparejamiento Bluetooth® de baja energía en la especificación principal de Bluetooth v4.0 a v5.3 puede permitir que un MITM no autenticado adquiera credenciales con dos dispositivos de emparejamiento a través de un acceso adyacente cuando el MITM negocia el emparejamiento con clave de acceso heredada con el iniciador de emparejamiento y el emparejamiento con clave de acceso de Secure Connections con el emparejamiento de respondedor y fuerza bruta la clave de acceso ingresada por el usuario en el iniciador. El atacante MITM puede usar el valor de clave de acceso identificado para completar la autenticación con el Respondedor a través de una confusión del método de emparejamiento de Bluetooth.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-02-24 CVE Reserved
2022-12-12 CVE Published
2024-07-04 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-294: Authentication Bypass by Capture-replay

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security	2022-12-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bluetooth Search vendor "Bluetooth"		Bluetooth Core Specification Search vendor "Bluetooth" for product "Bluetooth Core Specification"				>= 4.0 <= 5.3 Search vendor "Bluetooth" for product "Bluetooth Core Specification" and version " >= 4.0 <= 5.3"		-		Affected