VYPR
Unrated severityNVD Advisory· Published Aug 14, 2019· Updated Sep 16, 2024

Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation

CVE-2019-9506

Description

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

152

Patches

Vulnerability mechanics

References

30

News mentions

0

No linked articles in our index yet.