2019-03-01 12:04:26 -05:00
{
2019-03-17 23:55:42 +00:00
"CVE_data_meta" : {
2019-08-12 23:56:27 -04:00
"AKA" : "KNOB" ,
"ASSIGNER" : "cert@cert.org" ,
"DATE_PUBLIC" : "2019-08-14" ,
2019-03-17 23:55:42 +00:00
"ID" : "CVE-2019-9506" ,
2019-08-12 23:56:27 -04:00
"STATE" : "PUBLIC" ,
2019-08-14 10:33:56 -04:00
"TITLE" : "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
2019-03-17 23:55:42 +00:00
} ,
2019-08-12 23:56:27 -04:00
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BR/EDR " ,
"version" : {
"version_data" : [
{
"platform" : "N/A" ,
"version_affected" : "<=" ,
"version_name" : "5.1" ,
"version_value" : "5.1"
}
]
}
}
]
} ,
"vendor_name" : "Bluetooth"
}
]
}
} ,
"credit" : [
{
"lang" : "eng" ,
2019-08-16 19:00:46 +00:00
"value" : "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
2019-08-12 23:56:27 -04:00
}
] ,
2019-03-17 23:55:42 +00:00
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2019-08-14 10:33:56 -04:00
"value" : "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
2019-08-12 23:56:27 -04:00
}
]
} ,
"generator" : {
"engine" : "Vulnogram 0.0.7"
} ,
"impact" : {
"cvss" : {
"attackComplexity" : "LOW" ,
"attackVector" : "ADJACENT_NETWORK" ,
"availabilityImpact" : "LOW" ,
"baseScore" : 7.6 ,
"baseSeverity" : "HIGH" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "LOW" ,
"privilegesRequired" : "NONE" ,
"scope" : "UNCHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" ,
"version" : "3.0"
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-310 Cryptographic Issues"
}
]
2019-03-17 23:55:42 +00:00
}
]
2019-08-12 23:56:27 -04:00
} ,
"references" : {
"reference_data" : [
{
"name" : "VU#918987" ,
"refsource" : "CERT-VN" ,
"url" : "https://www.kb.cert.org/vuls/id/918987/"
} ,
{
"name" : "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html" ,
"refsource" : "MISC" ,
"url" : "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
} ,
{
"name" : "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli" ,
"refsource" : "MISC" ,
"url" : "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
2019-08-16 19:00:46 +00:00
} ,
{
"name" : "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
} ,
{
"refsource" : "FULLDISC" ,
"name" : "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3" ,
"url" : "http://seclists.org/fulldisclosure/2019/Aug/14"
} ,
{
"refsource" : "FULLDISC" ,
"name" : "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra" ,
"url" : "http://seclists.org/fulldisclosure/2019/Aug/11"
} ,
{
"refsource" : "FULLDISC" ,
"name" : "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4" ,
"url" : "http://seclists.org/fulldisclosure/2019/Aug/13"
2019-08-16 20:00:46 +00:00
} ,
{
"refsource" : "FULLDISC" ,
"name" : "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4" ,
"url" : "http://seclists.org/fulldisclosure/2019/Aug/15"
2019-08-28 11:00:48 +00:00
} ,
{
"refsource" : "CONFIRM" ,
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en" ,
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
2019-09-03 00:00:49 +00:00
} ,
{
"refsource" : "UBUNTU" ,
"name" : "USN-4115-1" ,
"url" : "https://usn.ubuntu.com/4115-1/"
} ,
{
"refsource" : "UBUNTU" ,
"name" : "USN-4118-1" ,
"url" : "https://usn.ubuntu.com/4118-1/"
2019-09-14 04:00:56 +00:00
} ,
{
"refsource" : "MLIST" ,
"name" : "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update" ,
"url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
2019-09-15 20:00:54 +00:00
} ,
{
"refsource" : "MLIST" ,
"name" : "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update" ,
"url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
2019-09-25 12:01:06 +00:00
} ,
{
"refsource" : "MLIST" ,
"name" : "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update" ,
"url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
2019-10-04 18:01:03 +00:00
} ,
{
"refsource" : "UBUNTU" ,
"name" : "USN-4147-1" ,
"url" : "https://usn.ubuntu.com/4147-1/"
2019-10-08 13:01:00 +00:00
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:2975" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:2975"
2019-10-11 00:01:01 +00:00
} ,
{
"refsource" : "SUSE" ,
"name" : "openSUSE-SU-2019:2307" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
} ,
{
"refsource" : "SUSE" ,
"name" : "openSUSE-SU-2019:2308" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
2019-10-15 22:00:58 +00:00
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3076" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3076"
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3055" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3055"
2019-10-16 12:01:11 +00:00
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3089" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3089"
2019-10-24 23:01:04 +00:00
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3187" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3187"
2019-10-29 19:01:29 +00:00
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3165" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3165"
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3217" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3217"
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3220" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3220"
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3231" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3231"
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3218" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3218"
2019-11-06 01:01:23 +00:00
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3309" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3309"
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3517" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3517"
2020-01-30 11:01:12 +00:00
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2020:0204" ,
"url" : "https://access.redhat.com/errata/RHSA-2020:0204"
2019-08-16 19:00:46 +00:00
}
]
2019-08-12 23:56:27 -04:00
} ,
"source" : {
"advisory" : "VU#918987" ,
"defect" : [
"VU#918987"
] ,
"discovery" : "EXTERNAL"
} ,
"work_around" : [
{
"lang" : "eng" ,
"value" : "Bluetooth SIG Expedited Errata Correction 11838"
}
]
2019-08-16 19:00:46 +00:00
}
