CVE-2020-26559

Published: May 24, 2021

Modified: Nov 4, 2025

PUBLISHED

Description

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

x_refsource_MISC

https://kb.cert.org/vuls/id/799380

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-26559

Description

Affected Products

References