A flaw was discovered in the Bluetooth protocol. An attacker within physical proximity to the Bluetooth connection could downgrade the encryption protocol to be trivially brute forced.

Mitigation

At this time there is no known mitigation if bluetooth hardware is to be continue to be used. Replacing the hardware with its wired version and disabling bluetooth may be a suitable alternative for some environments.

References

bugzilla.redhat.com/show_bug.cgi?id=1727857

nvd.nist.gov/vuln/detail/CVE-2019-9506

www.cve.org/CVERecord?id=CVE-2019-9506

prion 1

githubexploit 1

mscve 1

cert 1

nessus 58

cve 1

redhat 14

hp 1

thn 1

huawei 1

cisco 1

symantec 1

f5 1

debiancve 1

veracode 1

malwarebytes 1

fortinet 1

ubuntucve 1

lenovo 2

threatpost 3

openvas 20

centos 1

suse 2

androidsecurity 1

oraclelinux 2

debian 3

osv 2

ubuntu 4

apple 8

cloudfoundry 2

mskb 13

kaspersky 2

talosblog 1

prion

Code injection

2019-08-14 17:15:00

githubexploit

Exploit for Use of a Broken or Risky Cryptographic Algorithm in Google Android

2019-08-15 11:54:21

mscve

Encryption Key Negotiation of Bluetooth Vulnerability

2019-08-13 07:00:00

cert

Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks

2019-08-14 00:00:00

nessus

RHEL 7 : kernel (RHSA-2020:1460)

2020-04-14 00:00:00

RHEL 7 : kernel (RHSA-2019:3187)

2019-10-24 00:00:00

RHEL 7 : kpatch-patch (RHSA-2019:3231)

2019-10-30 00:00:00

cve

CVE-2019-9506

2019-08-14 17:15:00

redhat

(RHSA-2019:3165) Important: kernel-rt security and bug fix update

2019-10-22 09:33:14

(RHSA-2019:3231) Important: kpatch-patch security update

2019-10-29 12:01:07

(RHSA-2019:3187) Important: kernel security and bug fix update

2019-10-23 08:34:56

HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerability

2019-12-04 00:00:00

thn

New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections

2019-08-14 16:47:00

huawei

Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerability

2019-08-28 00:00:00

cisco

Key Negotiation of Bluetooth Vulnerability

2019-08-13 17:00:00

symantec

Microsoft Windows Bluetooth CVE-2019-9506 Remote Security Vulnerability

2019-08-13 00:00:00

K51813353 : Linux Kernel vulnerability CVE-2019-9506

2022-07-21 00:00:00

debiancve

CVE-2019-9506

2019-08-14 17:15:00

veracode

Brute-force Attack

2019-10-09 00:22:32

malwarebytes

Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks

2019-08-21 15:56:45

fortinet

CVE-2019-9506 Encryption Key Negotiation of Bluetooth (KNOB) Vulnerability

2020-04-23 00:00:00

ubuntucve

CVE-2019-9506

2019-08-13 00:00:00

lenovo

Encryption Key Negotiation of Bluetooth Vulnerability - Lenovo Support US

2019-08-13 15:18:05

Encryption Key Negotiation of Bluetooth Vulnerability - Lenovo Support US

2019-08-13 15:18:05

threatpost

Lenovo Warns of ThinkPad Bugs, One Unpatched

2019-08-14 17:56:01

Cisco Patches Six Critical Bugs in UCS Gear and Switches

2019-08-21 17:38:24

Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List

2019-08-13 20:29:10

openvas

CentOS Update for bpftool CESA-2019:3055 centos7

2019-10-22 00:00:00

openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:2308-1)

2020-01-09 00:00:00

openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:2307-1)

2019-10-11 00:00:00

centos

bpftool, kernel, perf, python security update

2019-10-21 17:31:04

suse

Security update for the Linux Kernel (important)

2019-10-10 00:00:00

Security update for the Linux Kernel (important)

2019-10-10 00:00:00

androidsecurity

Pixel Update Bulletin—August 2019

2019-08-05 00:00:00

oraclelinux

kernel security and bug fix update

2019-10-16 00:00:00

kernel security, bug fix, and enhancement update

2019-11-14 00:00:00

debian

[SECURITY] [DLA 1919-2] linux-4.9 security update

2019-09-15 17:51:06

[SECURITY] [DLA 1919-1] linux-4.9 security update

2019-09-14 00:21:38

[SECURITY] [DLA 1930-1] linux security update

2019-09-25 09:49:28

osv

linux-4.9 - security update

2019-09-12 00:00:00

linux - security update

2019-09-24 00:00:00

ubuntu

Linux kernel vulnerabilities

2019-10-04 00:00:00

Linux kernel regression

2019-09-11 00:00:00

Linux kernel vulnerabilities

2019-09-02 00:00:00

apple

About the security content of watchOS 5.3

2019-07-22 00:00:00

About the security content of watchOS 5.3 - Apple Support

2020-06-25 07:44:38

About the security content of tvOS 12.4 - Apple Support

2020-06-25 07:44:38

cloudfoundry

USN-4115-2: Linux kernel regression | Cloud Foundry

2019-09-30 00:00:00

USN-4115-1: Linux kernel vulnerabilities | Cloud Foundry

2019-09-30 00:00:00

mskb

August 13, 2019—KB4512482 (Security-only update)

2019-08-13 07:00:00

August 13, 2019—KB4512486 (Security-only update)

2019-08-13 07:00:00

August 13, 2019—KB4512506 (Monthly Rollup)

2019-08-13 07:00:00

kaspersky

KLA11989 Multiple vulnerabilities in Microsoft Products (ESU)

2019-08-13 00:00:00

KLA11534 Multiple vulnerabilities in Microsoft Windows

2019-08-13 00:00:00

talosblog

Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage

2019-08-14 09:55:35

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

4.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

41.7%

JSON

Related for RH:CVE-2019-9506