vulnerability
Microsoft Windows: CVE-2019-9506: Encryption Key Negotiation of Bluetooth Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:A/AC:L/Au:N/C:P/I:P/A:N) | 2019-08-13 | 2019-08-13 | 2024-09-11 |
Severity
5
CVSS
(AV:A/AC:L/Au:N/C:P/I:P/A:N)
Published
2019-08-13
Added
2019-08-13
Modified
2024-09-11
Description
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
Solution(s)
microsoft-windows-windows_10-1507-kb4512497microsoft-windows-windows_10-1607-kb4512517microsoft-windows-windows_10-1703-kb4512507microsoft-windows-windows_10-1709-kb4512516microsoft-windows-windows_10-1803-kb4512501microsoft-windows-windows_10-1809-kb4511553microsoft-windows-windows_10-1903-kb4512508microsoft-windows-windows_server_2012-kb4512482microsoft-windows-windows_server_2012_r2-kb4512489microsoft-windows-windows_server_2016-1607-kb4512517microsoft-windows-windows_server_2019-1809-kb4511553msft-kb4512482-5ed85e60-5ce7-4c4c-94aa-f19944914692msft-kb4512482-68a99d81-d48f-4437-9515-ea4a427f4014msft-kb4512486-16bba1d9-7035-4243-b78b-cea3df5096b6msft-kb4512486-2d01b298-6879-4d30-8a68-e872592d343emsft-kb4512486-437934f0-2915-4e74-b1cc-04921ce3aef1msft-kb4512486-cb62a71d-be6d-491e-9e4d-046e3dff67e9msft-kb4512486-d6348d13-661b-4391-b03d-77cbf3143cd2msft-kb4512486-fc466b63-7e33-42b7-8bfe-72335a76bb07msft-kb4512489-90af280c-d27d-450d-a8de-81ca67856fc0msft-kb4512489-bfc44f53-1c17-46df-9be6-9009a1a38c70msft-kb4512508-35cff443-e9f5-4d0a-a8fc-7fe8a39ab515
References
- CERT-VN-918987
- CVE-2019-9506
- https://attackerkb.com/topics/CVE-2019-9506
- REDHAT-RHSA-2019:2975
- REDHAT-RHSA-2019:3055
- REDHAT-RHSA-2019:3076
- REDHAT-RHSA-2019:3089
- REDHAT-RHSA-2019:3165
- REDHAT-RHSA-2019:3187
- REDHAT-RHSA-2019:3217
- REDHAT-RHSA-2019:3218
- REDHAT-RHSA-2019:3220
- REDHAT-RHSA-2019:3231
- REDHAT-RHSA-2019:3309
- REDHAT-RHSA-2019:3517
- REDHAT-RHSA-2020:0204
- URL-https://support.microsoft.com/help/4511553
- URL-https://support.microsoft.com/help/4512482
- URL-https://support.microsoft.com/help/4512489
- URL-https://support.microsoft.com/help/4512497
- URL-https://support.microsoft.com/help/4512501
- URL-https://support.microsoft.com/help/4512507
- URL-https://support.microsoft.com/help/4512508
- URL-https://support.microsoft.com/help/4512516
- URL-https://support.microsoft.com/help/4512517
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.