CVE-2022-25836

CVSS V2 None CVSS V3 None
Description
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.
Overview
  • CVE ID
  • CVE-2022-25836
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-12T04:15:09
  • Last Modified Date
  • 2022-12-14T17:53:27
Weakness Enumerations
CWE URL
CWE-294 http://cwe.mitre.org/data/definitions/294.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:* 1 OR 4.0 5.3
References
Reference URL Reference Tags
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-25836
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25836
History
Created Old Value New Value Data Type Notes
2022-12-12 05:15:51 Added to TrackCVE
2022-12-12 12:24:27 2022-12-12T04:15:09.587 2022-12-12T04:15:09 CVE Published Date updated
2022-12-12 12:24:27 2022-12-12T11:26:32 CVE Modified Date updated
2022-12-12 12:24:27 Received Awaiting Analysis Vulnerability Status updated
2022-12-12 16:16:27 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-14 18:15:29 2022-12-14T17:53:27 CVE Modified Date updated
2022-12-14 18:15:29 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-14 18:15:29 CWE-294 Weakness Enumeration new
2022-12-14 18:15:29 CPE Information updated