1.0.1

CVSS 4.8 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

low complexity

bluetooth

CWE-863

NVD

Published: 2021-05-24

Updated: 2021-06-03

Summary

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.

Vulnerable Configurations

Part	Description	Count
Application	Bluetooth Bluetooth Mesh Profile 1.0.0 Bluetooth Mesh Profile 1.0.1	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://kb.cert.org/vuls/id/799380
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/