Description:

Multiple vulnerabilities are found in Bluetooth devices that support the Bluetooth Core and Mesh Specifications. An attacker within wireless range of the vulnerable Bluetooth devices could use a specially crafted device to exploit the vulnerabilities.

Affected Systems:

• Devices supporting the Bluetooth Core Specifications and Mesh Profile Specification versions 1.0 and 1.0.1

Impact:

Depending on the vulnerability exploited, a successful attack could lead to impersonation attack, AuthValue disclosure or man-in-the-middle attack.

Recommendation:

System administrators and users should check with their product vendors to confirm if their devices are affected and the availability of patches.  System administrators and users should apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.

List of affected vendors are made available in the following URL:

https://www.kb.cert.org/vuls/id/799380

More Information:

• https://www.kb.cert.org/vuls/id/799380
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555 (to CVE-2020-26560)