CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

Severity	HIGH
CVSS	8.1
CWE	CWE-310
KEV
Published	6 years ago
Modified	1 year ago

Related Products

Product	Advisory	Evidence
Cisco TelePresence CE Software	cisco-sa-20190813-bluetooth	Cisco OpenVuln
Cisco TelePresence	cisco-sa-20190813-bluetooth	Cisco OpenVuln
Cisco Small Business IP Phones	cisco-sa-20190813-bluetooth	Cisco OpenVuln
Cisco IP phone	cisco-sa-20190813-bluetooth	Cisco OpenVuln
Cisco IP Phone 8800 Series with Multiplatform Firmware	cisco-sa-20190813-bluetooth	Cisco OpenVuln
Cisco IP Phone 8800 Series Software	cisco-sa-20190813-bluetooth	Cisco OpenVuln