The Bluetooth Mesh Profile Specification versions 1.0 and 1.0.1 Mesh Provisioning procedure could allow an attacker without knowledge of the AuthValue, spoofing a device being provisioned, to use crafted responses to appear to possess the AuthValue and be issued a valid NetKey and potentially an AppKey. For this attack to be successful, an attacking device needs to be within wireless range of a Mesh Provisioner and either spoof the identity of a device being provisioned over the air or be directly provisioned onto a subnet controlled by the provisioner. After successfully authenticating without the AuthValue, the attacker can perform any operation permitted to a node provisioned on the subnet until it is either denied access or a new subnet is formed without the attacking node present.
Created bluez tracking bugs for this issue: Affects: fedora-all [bug 1969617]