Description
Mesh Provisioning in the Bluetooth Mesh Profile 1.0 and 1.0.1 may permit a nearby device participating in the provisioning protocol to identify the AuthValue in use, given the Provisioner’s public key together with the confirmation value and the random nonce sent by the provisioning device. This could permit a device that does not hold the AuthValue to complete provisioning without brute-forcing the AuthValue.
References (3)
Vendor Advisory: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Third Party Advisory, US Government Resource: https://kb.cert.org/vuls/id/799380
Third Party Advisory, US Government Resource: https://www.kb.cert.org/vuls/id/799380
Scores
CVSS v3.1 base score: 8.8 (High)
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Adjacent Network (AV:A)
EPSS: 0.0085 (53.6th percentile)
Details
CWE: CWE-863 (Incorrect Authorization)
Status: published
Products (2)
bluetooth/mesh_profile 1.0.0
bluetooth/mesh_profile 1.0.1
Published: May 24, 2021
Tracked Since: Feb 18, 2026