CVE-2022-25836 — Authentication Bypass by Capture-replay in Core Specification

CWE-294 — Authentication Bypass by Capture-replay4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 52.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bluetooth Core Specification

Timeline

PublishedDec 12

Latest updateJul 6

Description

Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bl…

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.8

Affected Packages1 packages

▶NVDbluetooth/bluetooth_core_specification4.0 — 5.3

🔴Vulnerability Details

GHSA

GHSA-399c-6449-xhh6: Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4↗2023-07-06

▶

OSV

CVE-2022-25836: Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4↗2022-12-12

▶

CVEList

CVE-2022-25836: Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4↗2022-12-12

▶