CVE-2020-11957

The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing.
References
Link Resource
https://www.cypress.com/file/504466/download Product Vendor Advisory
https://www.cypress.com/file/504466/download Product Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cypress:psoc_4.2_ble:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:58

Type Values Removed Values Added
References () https://www.cypress.com/file/504466/download - Product, Vendor Advisory () https://www.cypress.com/file/504466/download - Product, Vendor Advisory

Information

Published : 2020-06-09 19:15

Updated : 2024-11-21 04:58


NVD link : CVE-2020-11957

Mitre link : CVE-2020-11957

CVE.ORG link : CVE-2020-11957


JSON object : View

Products Affected

cypress

  • psoc_4.2_ble
CWE
CWE-331

Insufficient Entropy