Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-25837

Authentication Bypass by Capture-replay

Published: Dec 12, 2022 | Modified: Dec 14, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-25837
CWEhttps://cwe.mitre.org/data/definitions/294.html

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.

Weakness

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Affected Software

Name Vendor Start Version End Version
Bluetooth_core_specification Bluetooth 1.1b (including) 5.3 (including)
Linux Ubuntu bionic *
Linux Ubuntu esm-infra-legacy/trusty *
Linux Ubuntu esm-infra/bionic *
Linux Ubuntu esm-infra/xenial *
Linux Ubuntu kinetic *
Linux Ubuntu lunar *
Linux Ubuntu mantic *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu xenial *
Linux-allwinner Ubuntu kinetic *
Linux-allwinner Ubuntu lunar *
Linux-allwinner Ubuntu upstream *
Linux-allwinner-5.19 Ubuntu jammy *
Linux-allwinner-5.19 Ubuntu upstream *
Linux-aws Ubuntu bionic *
Linux-aws Ubuntu esm-infra-legacy/trusty *
Linux-aws Ubuntu esm-infra/bionic *
Linux-aws Ubuntu esm-infra/xenial *
Linux-aws Ubuntu kinetic *
Linux-aws Ubuntu lunar *
Linux-aws Ubuntu mantic *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu trusty/esm *
Linux-aws Ubuntu xenial *
Linux-aws-5.0 Ubuntu bionic *
Linux-aws-5.0 Ubuntu esm-infra/bionic *
Linux-aws-5.0 Ubuntu upstream *
Linux-aws-5.11 Ubuntu focal *
Linux-aws-5.11 Ubuntu upstream *
Linux-aws-5.13 Ubuntu focal *
Linux-aws-5.13 Ubuntu upstream *
Linux-aws-5.19 Ubuntu jammy *
Linux-aws-5.19 Ubuntu upstream *
Linux-aws-5.3 Ubuntu bionic *
Linux-aws-5.3 Ubuntu esm-infra/bionic *
Linux-aws-5.3 Ubuntu upstream *
Linux-aws-5.4 Ubuntu bionic *
Linux-aws-5.4 Ubuntu esm-infra/bionic *
Linux-aws-5.8 Ubuntu focal *
Linux-aws-5.8 Ubuntu upstream *
Linux-aws-6.2 Ubuntu jammy *
Linux-aws-6.2 Ubuntu upstream *
Linux-aws-fips Ubuntu fips-updates/bionic *
Linux-aws-fips Ubuntu fips/bionic *
Linux-aws-hwe Ubuntu esm-infra/xenial *
Linux-aws-hwe Ubuntu xenial *
Linux-azure Ubuntu bionic *
Linux-azure Ubuntu esm-infra-legacy/trusty *
Linux-azure Ubuntu esm-infra/bionic *
Linux-azure Ubuntu esm-infra/xenial *
Linux-azure Ubuntu kinetic *
Linux-azure Ubuntu lunar *
Linux-azure Ubuntu mantic *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu trusty/esm *
Linux-azure Ubuntu xenial *
Linux-azure-4.15 Ubuntu bionic *
Linux-azure-4.15 Ubuntu esm-infra/bionic *
Linux-azure-5.11 Ubuntu focal *
Linux-azure-5.11 Ubuntu upstream *
Linux-azure-5.13 Ubuntu focal *
Linux-azure-5.13 Ubuntu upstream *
Linux-azure-5.19 Ubuntu jammy *
Linux-azure-5.19 Ubuntu upstream *
Linux-azure-5.3 Ubuntu bionic *
Linux-azure-5.3 Ubuntu esm-infra/bionic *
Linux-azure-5.3 Ubuntu upstream *
Linux-azure-5.4 Ubuntu bionic *
Linux-azure-5.4 Ubuntu esm-infra/bionic *
Linux-azure-5.8 Ubuntu focal *
Linux-azure-5.8 Ubuntu upstream *
Linux-azure-6.2 Ubuntu jammy *
Linux-azure-6.2 Ubuntu upstream *
Linux-azure-edge Ubuntu bionic *
Linux-azure-edge Ubuntu esm-infra/bionic *
Linux-azure-edge Ubuntu upstream *
Linux-azure-fde Ubuntu focal *
Linux-azure-fde-5.19 Ubuntu jammy *
Linux-azure-fde-5.19 Ubuntu upstream *
Linux-azure-fde-6.2 Ubuntu jammy *
Linux-azure-fde-6.2 Ubuntu upstream *
Linux-azure-fips Ubuntu fips-updates/bionic *
Linux-azure-fips Ubuntu fips/bionic *
Linux-dell300x Ubuntu bionic *
Linux-dell300x Ubuntu upstream *
Linux-fips Ubuntu fips-updates/bionic *
Linux-fips Ubuntu fips-updates/xenial *
Linux-fips Ubuntu fips/bionic *
Linux-fips Ubuntu fips/xenial *
Linux-fips Ubuntu trusty *
Linux-fips Ubuntu xenial *
Linux-gcp Ubuntu bionic *
Linux-gcp Ubuntu esm-infra/bionic *
Linux-gcp Ubuntu esm-infra/xenial *
Linux-gcp Ubuntu kinetic *
Linux-gcp Ubuntu lunar *
Linux-gcp Ubuntu mantic *
Linux-gcp Ubuntu xenial *
Linux-gcp-4.15 Ubuntu bionic *
Linux-gcp-4.15 Ubuntu esm-infra/bionic *
Linux-gcp-5.11 Ubuntu focal *
Linux-gcp-5.11 Ubuntu upstream *
Linux-gcp-5.13 Ubuntu focal *
Linux-gcp-5.13 Ubuntu upstream *
Linux-gcp-5.19 Ubuntu jammy *
Linux-gcp-5.19 Ubuntu upstream *
Linux-gcp-5.3 Ubuntu bionic *
Linux-gcp-5.3 Ubuntu esm-infra/bionic *
Linux-gcp-5.3 Ubuntu upstream *
Linux-gcp-5.4 Ubuntu bionic *
Linux-gcp-5.4 Ubuntu esm-infra/bionic *
Linux-gcp-5.8 Ubuntu focal *
Linux-gcp-5.8 Ubuntu upstream *
Linux-gcp-6.2 Ubuntu jammy *
Linux-gcp-6.2 Ubuntu upstream *
Linux-gcp-fips Ubuntu fips-updates/bionic *
Linux-gcp-fips Ubuntu fips/bionic *
Linux-gke Ubuntu focal *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-4.15 Ubuntu esm-infra/bionic *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu bionic *
Linux-gke-5.0 Ubuntu upstream *
Linux-gke-5.15 Ubuntu focal *
Linux-gke-5.15 Ubuntu upstream *
Linux-gke-5.3 Ubuntu bionic *
Linux-gke-5.3 Ubuntu upstream *
Linux-gke-5.4 Ubuntu bionic *
Linux-gke-5.4 Ubuntu esm-infra/bionic *
Linux-gke-5.4 Ubuntu upstream *
Linux-gkeop-5.4 Ubuntu bionic *
Linux-gkeop-5.4 Ubuntu esm-infra/bionic *
Linux-gkeop-5.4 Ubuntu upstream *
Linux-hwe Ubuntu bionic *
Linux-hwe Ubuntu esm-infra/bionic *
Linux-hwe Ubuntu esm-infra/xenial *
Linux-hwe Ubuntu xenial *
Linux-hwe-5.11 Ubuntu focal *
Linux-hwe-5.11 Ubuntu upstream *
Linux-hwe-5.13 Ubuntu focal *
Linux-hwe-5.13 Ubuntu upstream *
Linux-hwe-5.19 Ubuntu jammy *
Linux-hwe-5.19 Ubuntu upstream *
Linux-hwe-5.4 Ubuntu bionic *
Linux-hwe-5.4 Ubuntu esm-infra/bionic *
Linux-hwe-5.8 Ubuntu focal *
Linux-hwe-5.8 Ubuntu upstream *
Linux-hwe-6.2 Ubuntu jammy *
Linux-hwe-6.2 Ubuntu upstream *
Linux-hwe-6.5 Ubuntu jammy *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu esm-infra/bionic *
Linux-hwe-edge Ubuntu esm-infra/xenial *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-ibm Ubuntu kinetic *
Linux-ibm Ubuntu lunar *
Linux-ibm Ubuntu mantic *
Linux-ibm-5.4 Ubuntu bionic *
Linux-ibm-5.4 Ubuntu esm-infra/bionic *
Linux-intel-5.13 Ubuntu focal *
Linux-intel-5.13 Ubuntu upstream *
Linux-kvm Ubuntu bionic *
Linux-kvm Ubuntu esm-infra/bionic *
Linux-kvm Ubuntu esm-infra/xenial *
Linux-kvm Ubuntu kinetic *
Linux-kvm Ubuntu lunar *
Linux-kvm Ubuntu xenial *
Linux-laptop Ubuntu mantic *
Linux-lowlatency Ubuntu kinetic *
Linux-lowlatency Ubuntu lunar *
Linux-lowlatency Ubuntu mantic *
Linux-lowlatency-hwe-5.19 Ubuntu jammy *
Linux-lowlatency-hwe-5.19 Ubuntu upstream *
Linux-lowlatency-hwe-6.2 Ubuntu jammy *
Linux-lowlatency-hwe-6.2 Ubuntu upstream *
Linux-lowlatency-hwe-6.5 Ubuntu jammy *
Linux-lts-xenial Ubuntu esm-infra-legacy/trusty *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty/esm *
Linux-nvidia-6.2 Ubuntu jammy *
Linux-nvidia-6.2 Ubuntu upstream *
Linux-oem Ubuntu bionic *
Linux-oem Ubuntu esm-infra/bionic *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-oem-5.10 Ubuntu focal *
Linux-oem-5.10 Ubuntu upstream *
Linux-oem-5.13 Ubuntu focal *
Linux-oem-5.13 Ubuntu upstream *
Linux-oem-5.14 Ubuntu focal *
Linux-oem-5.14 Ubuntu upstream *
Linux-oem-5.17 Ubuntu jammy *
Linux-oem-5.17 Ubuntu kinetic *
Linux-oem-5.17 Ubuntu upstream *
Linux-oem-5.6 Ubuntu focal *
Linux-oem-5.6 Ubuntu upstream *
Linux-oem-6.0 Ubuntu jammy *
Linux-oem-6.0 Ubuntu upstream *
Linux-oem-6.1 Ubuntu jammy *
Linux-oem-6.1 Ubuntu upstream *
Linux-oem-osp1 Ubuntu bionic *
Linux-oem-osp1 Ubuntu upstream *
Linux-oracle Ubuntu bionic *
Linux-oracle Ubuntu esm-infra/bionic *
Linux-oracle Ubuntu esm-infra/xenial *
Linux-oracle Ubuntu kinetic *
Linux-oracle Ubuntu lunar *
Linux-oracle Ubuntu mantic *
Linux-oracle Ubuntu xenial *
Linux-oracle-5.0 Ubuntu bionic *
Linux-oracle-5.0 Ubuntu esm-infra/bionic *
Linux-oracle-5.0 Ubuntu upstream *
Linux-oracle-5.11 Ubuntu focal *
Linux-oracle-5.11 Ubuntu upstream *
Linux-oracle-5.13 Ubuntu focal *
Linux-oracle-5.13 Ubuntu upstream *
Linux-oracle-5.3 Ubuntu bionic *
Linux-oracle-5.3 Ubuntu esm-infra/bionic *
Linux-oracle-5.3 Ubuntu upstream *
Linux-oracle-5.4 Ubuntu bionic *
Linux-oracle-5.4 Ubuntu esm-infra/bionic *
Linux-oracle-5.8 Ubuntu focal *
Linux-oracle-5.8 Ubuntu upstream *
Linux-raspi Ubuntu kinetic *
Linux-raspi Ubuntu lunar *
Linux-raspi Ubuntu mantic *
Linux-raspi-5.4 Ubuntu bionic *
Linux-raspi-5.4 Ubuntu esm-infra/bionic *
Linux-raspi2 Ubuntu bionic *
Linux-raspi2 Ubuntu focal *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2-5.3 Ubuntu bionic *
Linux-raspi2-5.3 Ubuntu upstream *
Linux-riscv Ubuntu focal *
Linux-riscv Ubuntu jammy *
Linux-riscv Ubuntu kinetic *
Linux-riscv Ubuntu lunar *
Linux-riscv Ubuntu mantic *
Linux-riscv-5.11 Ubuntu focal *
Linux-riscv-5.11 Ubuntu upstream *
Linux-riscv-5.19 Ubuntu jammy *
Linux-riscv-5.19 Ubuntu upstream *
Linux-riscv-5.8 Ubuntu focal *
Linux-riscv-5.8 Ubuntu upstream *
Linux-riscv-6.5 Ubuntu jammy *
Linux-snapdragon Ubuntu bionic *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *
Linux-starfive Ubuntu kinetic *
Linux-starfive Ubuntu lunar *
Linux-starfive Ubuntu mantic *
Linux-starfive-5.19 Ubuntu jammy *
Linux-starfive-5.19 Ubuntu upstream *
Linux-starfive-6.2 Ubuntu jammy *
Linux-starfive-6.2 Ubuntu upstream *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use