Home > Vulnerability Database > CVE-2020-26559

Mend.io Vulnerability Database

CVE-2020-26559

Date: May 24, 2021

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.

Severity Score

8.8

Related Resources (7)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26559

Url: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

Url: https://access.redhat.com/security/cve/CVE-2020-26559

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-26559

Url: https://security-tracker.debian.org/tracker/CVE-2020-26559

Url: https://kb.cert.org/vuls/id/799380

Url: https://www.mend.io/vulnerability-database/CVE-2020-26559

Severity Score

8.8

Weakness Type (CWE)

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	5.8
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-26559

Date: May 24, 2021

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?