cve/2019/CVE-2019-9506.md

### [CVE-2019-9506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9506)
![](https://img.shields.io/static/v1?label=Product&message=BR%2FEDR%20&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.1%3C%3D%205.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-310%20Cryptographic%20Issues&color=brighgreen)

### Description

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

### POC

#### Reference
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4118-1/

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/AlexandrBing/broadcom-bt-firmware
- https://github.com/Charmve/BLE-Security-Attack-Defence
- https://github.com/JeffroMF/awesome-bluetooth-security321
- https://github.com/StealthIQ/awesome-stars
- https://github.com/WinMin/Protocol-Vul
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/engn33r/awesome-bluetooth-security
- https://github.com/francozappa/knob
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/sgxgsx/BlueToolkit
- https://github.com/u10427687/bluetooth-KNOB
- https://github.com/winterheart/broadcom-bt-firmware
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-9506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9506)`
			`![](https://img.shields.io/static/v1?label=Product&message=BR%2FEDR%20&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=5.1%3C%3D%205.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-310%20Cryptographic%20Issues&color=brighgreen)`

			`### Description`

			`The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.`

			`### POC`

			`#### Reference`
			`- https://usn.ubuntu.com/4115-1/`
			`- https://usn.ubuntu.com/4118-1/`

			`#### Github`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/AlexandrBing/broadcom-bt-firmware`
			`- https://github.com/Charmve/BLE-Security-Attack-Defence`
			`- https://github.com/JeffroMF/awesome-bluetooth-security321`
			`- https://github.com/StealthIQ/awesome-stars`
			`- https://github.com/WinMin/Protocol-Vul`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/engn33r/awesome-bluetooth-security`
			`- https://github.com/francozappa/knob`
			`- https://github.com/hectorgie/PoC-in-GitHub`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/sgxgsx/BlueToolkit`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/u10427687/bluetooth-KNOB`
			`- https://github.com/winterheart/broadcom-bt-firmware`