2019-03-01 12:04:26 -05:00
{
2019-03-17 23:55:42 +00:00
"CVE_data_meta" : {
2019-08-12 23:56:27 -04:00
"AKA" : "KNOB" ,
"ASSIGNER" : "cert@cert.org" ,
"DATE_PUBLIC" : "2019-08-14" ,
2019-03-17 23:55:42 +00:00
"ID" : "CVE-2019-9506" ,
2019-08-12 23:56:27 -04:00
"STATE" : "PUBLIC" ,
2019-08-14 10:33:56 -04:00
"TITLE" : "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
2019-03-17 23:55:42 +00:00
} ,
2019-08-12 23:56:27 -04:00
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BR/EDR " ,
"version" : {
"version_data" : [
{
"platform" : "N/A" ,
"version_affected" : "<=" ,
"version_name" : "5.1" ,
"version_value" : "5.1"
}
]
}
}
]
} ,
"vendor_name" : "Bluetooth"
}
]
}
} ,
"credit" : [
{
"lang" : "eng" ,
2019-08-16 19:00:46 +00:00
"value" : "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
2019-08-12 23:56:27 -04:00
}
] ,
2019-03-17 23:55:42 +00:00
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2019-08-14 10:33:56 -04:00
"value" : "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
2019-08-12 23:56:27 -04:00
}
]
} ,
"generator" : {
"engine" : "Vulnogram 0.0.7"
} ,
"impact" : {
"cvss" : {
"attackComplexity" : "LOW" ,
"attackVector" : "ADJACENT_NETWORK" ,
"availabilityImpact" : "LOW" ,
"baseScore" : 7.6 ,
"baseSeverity" : "HIGH" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "LOW" ,
"privilegesRequired" : "NONE" ,
"scope" : "UNCHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" ,
"version" : "3.0"
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-310 Cryptographic Issues"
}
]
2019-03-17 23:55:42 +00:00
}
]
2019-08-12 23:56:27 -04:00
} ,
"references" : {
"reference_data" : [
{
"name" : "VU#918987" ,
"refsource" : "CERT-VN" ,
"url" : "https://www.kb.cert.org/vuls/id/918987/"
} ,
{
"name" : "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html" ,
"refsource" : "MISC" ,
"url" : "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
} ,
{
"name" : "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli" ,
"refsource" : "MISC" ,
"url" : "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
2019-08-16 19:00:46 +00:00
} ,
{
"name" : "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
} ,
{
"refsource" : "FULLDISC" ,
"name" : "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3" ,
"url" : "http://seclists.org/fulldisclosure/2019/Aug/14"
} ,
{
"refsource" : "FULLDISC" ,
"name" : "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra" ,
"url" : "http://seclists.org/fulldisclosure/2019/Aug/11"
} ,
{
"refsource" : "FULLDISC" ,
"name" : "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4" ,
"url" : "http://seclists.org/fulldisclosure/2019/Aug/13"
2019-08-16 20:00:46 +00:00
} ,
{
"refsource" : "FULLDISC" ,
"name" : "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4" ,
"url" : "http://seclists.org/fulldisclosure/2019/Aug/15"
2019-08-16 19:00:46 +00:00
}
]
2019-08-12 23:56:27 -04:00
} ,
"source" : {
"advisory" : "VU#918987" ,
"defect" : [
"VU#918987"
] ,
"discovery" : "EXTERNAL"
} ,
"work_around" : [
{
"lang" : "eng" ,
"value" : "Bluetooth SIG Expedited Errata Correction 11838"
}
]
2019-08-16 19:00:46 +00:00
}
