CVE-2019-9506

Description

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

CVSS breakdown

CVSS 3.0

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Affected products

Bluetooth / BR/EDR5.1 – 5.1

References

MISChttps://www.kb.cert.org/vuls/id/918987/
MISChttp://www.cs.ox.ac.uk/publications/publication12404-abstract.html
MISChttps://www.usenix.org/conference/usenixsecurity19/presentation/antonioli
MISChttps://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/
MAILING_LISThttp://seclists.org/fulldisclosure/2019/Aug/14
MAILING_LISThttp://seclists.org/fulldisclosure/2019/Aug/11
MAILING_LISThttp://seclists.org/fulldisclosure/2019/Aug/13
MAILING_LISThttp://seclists.org/fulldisclosure/2019/Aug/15
VENDOR_ADVISORYhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en
VENDOR_ADVISORYhttps://usn.ubuntu.com/4115-1/
VENDOR_ADVISORYhttps://usn.ubuntu.com/4118-1/
MAILING_LISThttps://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
MAILING_LISThttps://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
MAILING_LISThttps://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
VENDOR_ADVISORYhttps://usn.ubuntu.com/4147-1/
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2975
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3076
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3055
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3089
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3187
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3165
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3217
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3220
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3231
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3218
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3309
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3517
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2020:0204