CVE-2020-26559 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-26559 Interim 1 36 2023-09-12T23:46:09Z current 2022-07-08T00:08:03Z 2023-09-12T23:46:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-26559 Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue. CVE-2020-26559 moderate 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P 5.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L