CVE-2020-26557: High severity bluetooth mesh profile vulnerability

Published May 24, 2021

Updated

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).

Affected Software

2 affected components

Bluetooth Mesh profile=1.0.0

Bluetooth Mesh profile=1.0.1

Event History

May 24, 2021

CVE Published

via MITRE·05:28 PM

Data Sourced

via MITRE·05:28 PM

Description

Data Sourced

via NVD·06:15 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is CVE-2020-26557?

CVE-2020-26557 is a vulnerability in the Bluetooth Mesh profile 1.0 and 1.0.1 that could allow a nearby device to determine the AuthValue via a brute-force attack.

How does CVE-2020-26557 affect Bluetooth Mesh profile?

CVE-2020-26557 affects the Bluetooth Mesh profile versions 1.0 and 1.0.1.

What is the severity of CVE-2020-26557?

The severity of CVE-2020-26557 is high, with a severity value of 7.5.

How can a nearby device exploit CVE-2020-26557?

A nearby device can exploit CVE-2020-26557 by conducting a brute-force attack to determine the AuthValue used in the provisioning protocol.

Are there any fixes available for CVE-2020-26557?

To mitigate CVE-2020-26557, it is recommended to ensure that the AuthValue is sufficiently random and changed each time.

CVE-2020-26557: High severity bluetooth mesh profile vulnerability

Affected Software

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is CVE-2020-26557?

How does CVE-2020-26557 affect Bluetooth Mesh profile?

What is the severity of CVE-2020-26557?

How can a nearby device exploit CVE-2020-26557?

Are there any fixes available for CVE-2020-26557?

Company

Resources

Contact