CVE-2022-25837
CVSS V2 None
CVSS V3 None
Description
Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.
Overview
- CVE ID
- CVE-2022-25837
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2022-12-12T04:15:09
- Last Modified Date
- 2022-12-14T18:10:38
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:* | 1 | OR | 1.1b | 5.3 |
References
| Reference URL | Reference Tags |
|---|---|
| https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-25837 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25837 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-12 05:15:51 | Added to TrackCVE | |||
| 2022-12-12 12:24:28 | 2022-12-12T04:15:09.657 | 2022-12-12T04:15:09 | CVE Published Date | updated |
| 2022-12-12 12:24:28 | 2022-12-12T11:26:32 | CVE Modified Date | updated | |
| 2022-12-12 12:24:28 | Received | Awaiting Analysis | Vulnerability Status | updated |
| 2022-12-12 16:16:28 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2022-12-14 18:15:29 | 2022-12-14T18:10:38 | CVE Modified Date | updated | |
| 2022-12-14 18:15:30 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2022-12-14 18:15:30 | CWE-294 | Weakness Enumeration | new | |
| 2022-12-14 18:15:30 | CPE Information | updated |