Vulnerabilities > Bluetooth > Mesh Profile > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2020-26559 | Incorrect Authorization vulnerability in Bluetooth Mesh Profile 1.0.0/1.0.1 Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. | 5.8 |
| 2021-05-24 | CVE-2020-26560 | Incorrect Authorization vulnerability in Bluetooth Mesh Profile 1.0.0/1.0.1 Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey. | 4.8 |