CVE-2019-9506
Description
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
Risk Information
Base Score
8.9
MODERATE
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
4.458
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Win32k Elevation of Privilege Vulnerability for Windows 7 for x64-based Systems (KB4512486) | Windows |
| Windows ALPC Elevation of Privilege Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4512486) | Windows |
| Windows ALPC Elevation of Privilege Vulnerability for Windows 7 for x86-based Systems (KB4512486) | Windows |
| Windows Information Disclosure Vulnerability for Windows 8.1 for x86-based Systems (KB4512489) | Windows |
| Windows Information Disclosure Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4512489) | Windows |
| Windows Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB4512489) | Windows |
| Windows ALPC Elevation of Privilege Vulnerability for Windows Server 2012 for x64-based Systems (KB4512482) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4512517) | Windows |
| Windows Information Disclosure Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4512488) | Windows |
| Windows Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB4512488) | Windows |
| Windows Information Disclosure Vulnerability for Windows 8.1 for x86-based Systems (KB4512488) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1803 for x64-based Systems (KB4512501) | Windows |
| Windows Information Disclosure Vulnerability for Windows Server 2016 (1803) for x64-based Systems (KB4512501) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1803 for x86-based Systems (KB4512501) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1709 for x64-based Systems (KB4512516) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1709 for x86-based Systems (KB4512516) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1903 for x64-based Systems (KB4512508) | Windows |
| Windows Information Disclosure Vulnerability for Windows Server, version 1903 for x64-based Systems (KB4512508) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1903 for x86-based Systems (KB4512508) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4512507) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4512507) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4512517) | Windows |
| Windows Information Disclosure Vulnerability for Windows Server 2016 for x64-based Systems (KB4512517) | Windows |
| Windows Information Disclosure Vulnerability for Windows Server 2019 for x64-based Systems (KB4511553) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1809 for x64-based Systems (KB4511553) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1809 for x86-based Systems (KB4511553) | Windows |
| Windows ALPC Elevation of Privilege Vulnerability for Windows Server 2012 for x64-based Systems (KB4512518) | Windows |
| Windows ALPC Elevation of Privilege Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4512506) | Windows |
| Windows ALPC Elevation of Privilege Vulnerability for Windows 7 for x86-based Systems (KB4512506) | Windows |
| Windows ALPC Elevation of Privilege Vulnerability for Windows 7 for x64-based Systems (KB4512506) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1507 for x86-based Systems (KB4512497) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1507 for x64-based Systems (KB4512497) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4512507) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4512507) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4512507) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4512507) | Windows |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.6 | Mac |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.6 Combo Update | Mac |
| Linux kernel (USN-4115-1) linux-image-gcp_4.15.0.1041.55_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-gke_4.15.0.1041.44_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-gke_4.15.0.1041.55_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-kvm_4.15.0.1043.43_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-oem_4.15.0.60.81_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-azure_4.15.0.1056.59_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-oracle_4.15.0.1022.16_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-oracle_4.15.0.1022.25_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-generic_4.15.0.60.62_i386.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-generic_4.15.0.60.62_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-virtual_4.15.0.60.62_i386.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-virtual_4.15.0.60.62_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-gke-4.15_4.15.0.1041.44_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-lowlatency_4.15.0.60.62_i386.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-lowlatency_4.15.0.60.62_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-1041-gcp_4.15.0-1041.43_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-1041-gke_4.15.0-1041.43_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-1043-kvm_4.15.0-1043.43_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-1056-azure_4.15.0-1056.61_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-60-generic_4.15.0-60.67_i386.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-60-generic_4.15.0-60.67_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-60-generic_4.15.0-60.67~16.04.1_i386.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-60-generic_4.15.0-60.67~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-generic-hwe-16.04_4.15.0.60.81_i386.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-generic-hwe-16.04_4.15.0.60.81_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-virtual-hwe-16.04_4.15.0.60.81_i386.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-virtual-hwe-16.04_4.15.0.60.81_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-1022-oracle_4.15.0-1022.25_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-1022-oracle_4.15.0-1022.25~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-60-lowlatency_4.15.0-60.67_i386.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-60-lowlatency_4.15.0-60.67_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-60-lowlatency_4.15.0-60.67~16.04.1_i386.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-4.15.0-60-lowlatency_4.15.0-60.67~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-lowlatency-hwe-16.04_4.15.0.60.81_i386.deb | Linux |
| Linux kernel (USN-4115-1) linux-image-lowlatency-hwe-16.04_4.15.0.60.81_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-4118-1) linux-image-aws_4.15.0.1047.46_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-4118-1) linux-image-aws-hwe_4.15.0.1047.47_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-4118-1) linux-image-4.15.0-1047-aws_4.15.0-1047.49_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-4118-1) linux-image-4.15.0-1047-aws_4.15.0-1047.49~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-aws_5.0.0.1018.19_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-gcp_5.0.0.1020.46_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-gke_5.0.0.1020.46_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-kvm_5.0.0.1019.19_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-azure_5.0.0.1022.21_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-generic_5.0.0.31.32_i386.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-generic_5.0.0.31.32_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-gke-5.0_5.0.0.1020.9_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-virtual_5.0.0.31.32_i386.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-virtual_5.0.0.31.32_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-lowlatency_5.0.0.31.32_i386.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-lowlatency_5.0.0.31.32_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-1018-aws_5.0.0-1018.20_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-1019-kvm_5.0.0-1019.20_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-1020-gcp_5.0.0-1020.20_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-1020-gke_5.0.0-1020.20~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-1022-azure_5.0.0-1022.23_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-31-generic_5.0.0-31.33_i386.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-31-generic_5.0.0-31.33_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-31-generic_5.0.0-31.33~18.04.1_i386.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-31-generic_5.0.0-31.33~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-generic-hwe-18.04_5.0.0.31.88_i386.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-generic-hwe-18.04_5.0.0.31.88_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-virtual-hwe-18.04_5.0.0.31.88_i386.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-virtual-hwe-18.04_5.0.0.31.88_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-31-lowlatency_5.0.0-31.33_i386.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-31-lowlatency_5.0.0-31.33_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-31-lowlatency_5.0.0-31.33~18.04.1_i386.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-5.0.0-31-lowlatency_5.0.0-31.33~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-lowlatency-hwe-18.04_5.0.0.31.88_i386.deb | Linux |
| Linux kernel (USN-4147-1) linux-image-lowlatency-hwe-18.04_5.0.0.31.88_amd64.deb | Linux |
| (RHSA-2019:3076) kpatch-patch security update kpatch-patch-3_10_0-1062-1-5.el7.x86_64.rpm | Linux |
| (RHSA-2019:3076) kpatch-patch security update kpatch-patch-3_10_0-1062_1_1-1-4.el7.x86_64.rpm | Linux |
| (RHSA-2019:3076) kpatch-patch security update kpatch-patch-3_10_0-1062_1_2-1-3.el7.x86_64.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-default-4.12.14-95.37.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-default-debuginfo-4.12.14-95.37.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-default-debugsource-4.12.14-95.37.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-default-devel-4.12.14-95.37.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-default-devel-debuginfo-4.12.14-95.37.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-default-extra-4.12.14-95.37.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-default-extra-debuginfo-4.12.14-95.37.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-devel-4.12.14-95.37.1.noarch.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-macros-4.12.14-95.37.1.noarch.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-source-4.12.14-95.37.1.noarch.rpm | Linux |
| SUSE-SU-2019:2879-1(SUSE Linux Enterprise Desktop 12-SP4 ) kernel-syms-4.12.14-95.37.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0093-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-4.12.14-16.7.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0093-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-base-4.12.14-16.7.1.x86_64.rpm | Linux |
| Key Negotiation of Bluetooth Vulnerability For Cisco IP Phone 8800 Series with Multiplatform Firmware | NCM |
| Key Negotiation of Bluetooth Vulnerability For Cisco Small Business IP Phones | NCM |
| Key Negotiation of Bluetooth Vulnerability For Cisco SIP IP Phone Software | NCM |
| Key Negotiation of Bluetooth Vulnerability For Cisco IP Phone 8800 Series | NCM |
| Key Negotiation of Bluetooth Vulnerability For Cisco Telepresence Integrator C Series | NCM |
| CVE-2019-9506 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-27195 | 2019-08 Security Only Quality Update for Windows 7 for x64-based Systems (KB4512486) |
| PATCH-27196 | 2019-08 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4512486) |
| PATCH-27197 | 2019-08 Security Only Quality Update for Windows 7 for x86-based Systems (KB4512486) |
| PATCH-27198 | 2019-08 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4512489) |
| PATCH-27199 | 2019-08 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4512489) |
| PATCH-27200 | 2019-08 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4512489) |
| PATCH-27203 | 2019-08 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4512482) |
| PATCH-27214 | 2019-08 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4512517) |
| PATCH-27235 | 2019-08 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4512488) |
| PATCH-27236 | 2019-08 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4512488) |
| PATCH-27237 | 2019-08 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB4512488) |
| PATCH-27223 | 2019-08 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4512501) |
| PATCH-27224 | 2019-08 Cumulative Update for Windows Server 2016 (1803) for x64-based Systems (KB4512501) |
| PATCH-27225 | 2019-08 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4512501) |
| PATCH-27221 | 2019-08 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4512516) |
| PATCH-27222 | 2019-08 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4512516) |
| PATCH-27229 | 2019-08 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4512508) |
| PATCH-27230 | 2019-08 Cumulative Update for Windows Server, version 1903 for x64-based Systems (KB4512508) |
| PATCH-27231 | 2019-08 Cumulative Update for Windows 10 Version 1903 for x86-based Systems (KB4512508) |
| PATCH-27215 | 2019-08 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4512517) |
| PATCH-27216 | 2019-08 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4512517) |
| PATCH-27226 | 2019-08 Cumulative Update for Windows Server 2019 for x64-based Systems (KB4511553) |
| PATCH-27227 | 2019-08 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4511553) |
| PATCH-27228 | 2019-08 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB4511553) |
| PATCH-27240 | 2019-08 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4512518) |
| PATCH-27232 | 2019-08 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4512506) |
| PATCH-27233 | 2019-08 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4512506) |
| PATCH-27234 | 2019-08 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4512506) |
| PATCH-27217 | 2019-08 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB4512497) |
| PATCH-27218 | 2019-08 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB4512497) |
| PATCH-1705298 | Security Update for Cisco IP Phone 8800 Series with Multiplatform Firmware 11.3(3)MPP1.377 |
| PATCH-1705095 | Security Update for Cisco Small Business IP Phones 7.6(2)SR6 |
| PATCH-1705918 | Security Update for Cisco SIP IP Phone Software 11.7(1)MN19 |
| PATCH-1705974 | Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2 |
| PATCH-1706043 | Security Update for Cisco Telepresence Integrator C Series 9.1.1 |
| PATCH-602004 | macOS Mojave 10.14.6 |
| PATCH-602005 | macOS Mojave 10.14.6 Combo Update |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234