CVE-2020-26556: High severity bluetooth core specification vulnerability
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.
Affected Software
Event History
Frequently Asked Questions
What is CVE-2020-26556?
CVE-2020-26556 is a vulnerability in the Bluetooth Mesh profile 1.0 and 1.0.1 that allows a nearby device to complete authentication through a brute-force attack on an insufficiently random AuthValue.
How does CVE-2020-26556 affect Bluetooth devices?
CVE-2020-26556 affects Bluetooth devices that use the Mesh profile 1.0 and 1.0.1, allowing a nearby device to potentially compromise the authentication process.
What is the severity of CVE-2020-26556?
CVE-2020-26556 has a severity rating of 7.5 (high).
How can I fix CVE-2020-26556?
To mitigate CVE-2020-26556, it is recommended to update the affected Bluetooth devices to a version that addresses this vulnerability.
Where can I find more information about CVE-2020-26556?
You can find more information about CVE-2020-26556 from the CERT/CC vulnerability note at https://kb.cert.org/vuls/id/799380 and the Bluetooth website at https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/.