CVE-2019-9506
Bluetooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected products
Bluetooth · BR/EDR
References
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
https://access.redhat.com/errata/RHSA-2019:2975
https://access.redhat.com/errata/RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3165
https://access.redhat.com/errata/RHSA-2019:3187
https://access.redhat.com/errata/RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3218
https://access.redhat.com/errata/RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3231