ID

VAR-202105-0145


CVE

CVE-2020-26557


TITLE

Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure

Trust: 0.8

sources: CERT/CC: VU#799380

DESCRIPTION

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time). Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.

CVE-2020-26556 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable.
CVE-2020-26555 Affected Vendor Statement: Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin.
CVE-2020-26557 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable.
CVE-2020-26558 Affected Vendor Statement: Android has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin.
CVE-2020-26559 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable.
CVE-2020-26560 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable.
VU#799380.5 Affected Vendor Statement: Our assessment of this report is that it is of negligible security impact on Android.

The Bluetooth Mesh profile contains an improper authentication vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.88

sources: NVD: CVE-2020-26557 // CERT/CC: VU#799380 // JVNDB: JVNDB-2021-007329 // CNNVD: CNNVD-202104-975

IOT TAXONOMY

category: ['network device'], sub_category: bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: bluetooth, model: mesh profile, scope: eq, version: 1.0.0

Trust: 1.0

vendor: bluetooth, model: mesh profile, scope: eq, version: 1.0.1

Trust: 1.0

vendor: bluetooth sig, model: mesh profile, scope: eq, version: 1.0.1

Trust: 0.8

vendor: bluetooth sig, model: mesh profile, scope: eq, version: 1.0

Trust: 0.8

vendor: bluetooth sig, model: mesh profile, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007329 // NVD: CVE-2020-26557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26557
value: HIGH

Trust: 1.0

NVD: CVE-2020-26557
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1500
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-26557
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-26557
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-26557
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-007329 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1500 // NVD: CVE-2020-26557

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype: Bad authentication (CWE-863) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007329 // NVD: CVE-2020-26557

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1500

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Reporting Security Vulnerabilities, url: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

Trust: 0.8

title: Bluetooth Mesh Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153465

Trust: 0.6

sources: JVNDB: JVNDB-2021-007329 // CNNVD: CNNVD-202105-1500

EXTERNAL IDS

db: NVD, id: CVE-2020-26557

Trust: 4.1

db: CERT/CC, id: VU#799380

Trust: 3.2

db: JVN, id: JVNVU99594334

Trust: 0.8

db: JVNDB, id: JVNDB-2021-007329

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021052614

Trust: 0.6

db: CS-HELP, id: SB2021070408

Trust: 0.6

db: LENOVO, id: LEN-51734

Trust: 0.6

db: CNNVD, id: CNNVD-202105-1500

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // CERT/CC: VU#799380 // JVNDB: JVNDB-2021-007329 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1500 // NVD: CVE-2020-26557

REFERENCES

url:https://kb.cert.org/vuls/id/799380

Trust: 2.4

url:https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

Trust: 1.6

url:cve-2020-26556

Trust: 0.8

url:cve-2020-26555

Trust: 0.8

url:cve-2020-26557

Trust: 0.8

url:cve-2020-26558

Trust: 0.8

url:cve-2020-26559

Trust: 0.8

url:cve-2020-26560

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99594334/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-26557

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021070408

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-51734

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052614

Trust: 0.6

url:https://vigilance.fr/vulnerability/bluetooth-privilege-escalation-via-mesh-profile-provisioning-predictable-authvalue-35548

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // CERT/CC: VU#799380 // JVNDB: JVNDB-2021-007329 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1500 // NVD: CVE-2020-26557

CREDITS

This document was written by Madison Oliver. Statement Date: February 22, 2021

Trust: 0.8

sources: CERT/CC: VU#799380

SOURCES

db: OTHER, id: -
db: CERT/CC, id: VU#799380
db: JVNDB, id: JVNDB-2021-007329
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-1500
db: NVD, id: CVE-2020-26557

LAST UPDATE DATE

2025-01-30T20:43:51.376000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#799380, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-007329, date: 2022-02-08T07:08:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-1500, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2020-26557, date: 2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db: CERT/CC, id: VU#799380, date: 2021-05-24T00:00:00
db: JVNDB, id: JVNDB-2021-007329, date: 2022-02-08T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-1500, date: 2021-05-24T00:00:00
db: NVD, id: CVE-2020-26557, date: 2021-05-24T18:15:07.903