4 matches found
CVE-2020-26557
CVE-2020-26557 : Bluetooth Mesh Provisioning in Bluetooth Mesh profile 1.0/1.0.1 allows a nearby device, without the AuthValue, to brute-force or deduce the AuthValue used in provisioning if the AuthValue is not sufficiently random or is reused. This can enable an attacker to complete provisionin...
CVE-2020-26559
CVE-2020-26559 (Bluetooth Mesh Provisioning) affects Bluetooth Mesh provisioning (Mesh profile 1.0/1.0.1). A nearby attacker participating in the provisioning protocol can identify the AuthValue and the provisioning device’s confirmation number and nonce, potentially enabling provisioning complet...
CVE-2020-26560
CVE-2020-26560 relates to Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0/1.0.1. A nearby attacker can exploit the provisioning exchange to authenticate without possessing the AuthValue and potentially obtain the NetKey and AppKey. The connected CIRCL sighting lists this CVE among B...
CVE-2020-26556
CVE-2020-26556 refers to the Bluetooth Mesh provisioning weakness in Mesh Profile 1.0/1.0.1 where a nearby attacker could brute‑force an insufficiently random AuthValue and, during provisioning, leverage a Malleable Commitment to complete authentication. The description states this can occur befo...