Mesh Profile Security Vulnerabilities and Issues — Mesh Profile CVE List

Lucene search

BluetoothMesh Profile

4 matches found

CVE•added 2021/05/24 6:15 p.m.•101 views

CVE-2020-26557

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).

7.5CVSS7.8AI score0.01418EPSS

CVE•added 2021/05/24 6:15 p.m.•92 views

CVE-2020-26559

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could pe...

8.8CVSS8.4AI score0.01899EPSS

CVE•added 2021/05/24 6:15 p.m.•90 views

CVE-2020-26560

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.

8.1CVSS8.3AI score0.01374EPSS

CVE•added 2021/05/24 6:15 p.m.•88 views

CVE-2020-26556

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.

7.5CVSS7.7AI score0.01854EPSS