Lucene search

MitreCVE-2022-38788

HistorySep 15, 2022 - 12:15 p.m.

CVE-2022-38788

2022-09-1512:15:09

mitre

web.nvd.nist.gov

nokia

fastmile

5g receiver

cve-2022-38788

bluetooth

pairing

vulnerability

security

nvd

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key).

Affected configurations

Nvd

Node

nokiafastmile_5g_receiver_firmwareMatch1.2104.00.0281

AND

nokiafastmile_5g_receiverMatch-

VendorProductVersionCPE
nokiafastmile_5g_receiver_firmware1.2104.00.0281cpe:2.3:o:nokia:fastmile_5g_receiver_firmware:1.2104.00.0281:*:*:*:*:*:*:*
nokiafastmile_5g_receiver-cpe:2.3:h:nokia:fastmile_5g_receiver:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nokia	fastmile_5g_receiver_firmware	1.2104.00.0281	cpe:2.3:o:nokia:fastmile_5g_receiver_firmware:1.2104.00.0281:::::::*
nokia	fastmile_5g_receiver	-	cpe:2.3:h:nokia:fastmile_5g_receiver:-:::::::*

References

github.com/ProxyStaffy/Nokia-FastMile-5G-Receiver-5G14-B

www.nokia.com/notices/responsible-disclosure/

Social References

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

Related for CVE-2022-38788