CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

Published: Aug 14, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-9506
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.8
AV:A/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-327

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
apple / mac_os_x	10.12.6	10.12.6.x
apple / mac_os_x	10.13.6	10.13.6.x
apple / watchos	5.3	5.3.x
apple / iphone_os	12.4	12.4.x
apple / mac_os_x	10.14.5	10.14.5.x
apple / tvos	12.4	12.4.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	19.04	19.04.x
canonical / ubuntu_linux	16.04	16.04.x
debian / debian_linux	8.0	8.0.x
opensuse / leap	15.0	15.0.x
opensuse / leap	15.1	15.1.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_for_real_time	7	7.x
redhat / enterprise_linux_for_real_time_for_nfv	7	7.x
redhat / enterprise_linux_server_tus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_server_tus	7.4	7.4.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x
redhat / enterprise_linux_eus	7.6	7.6.x
redhat / enterprise_linux_tus	7.6	7.6.x
redhat / mrg_realtime	2.0	2.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux_server_aus	7.7	7.7.x
redhat / enterprise_linux_server_tus	7.7	7.7.x
redhat / enterprise_linux_eus	7.7	7.7.x
redhat / enterprise_linux_eus	8.1	8.1.x
redhat / enterprise_linux_eus	8.2	8.2.x
redhat / enterprise_linux_server_tus	8.2	8.2.x
redhat / enterprise_linux_server_aus	8.2	8.2.x
redhat / enterprise_linux_for_real_time	8	8.x
redhat / enterprise_linux_server_tus	8.4	8.4.x
redhat / enterprise_linux_eus	8.4	8.4.x
redhat / enterprise_linux_server_aus	8.4	8.4.x
redhat / enterprise_linux_for_real_time_for_nfv	8	8.x
redhat / enterprise_linux_for_real_time_eus	8.4	8.4.x
redhat / enterprise_linux_for_real_time_eus	8.2	8.2.x
redhat / enterprise_linux_for_real_time_for_nfv_eus	8.4	8.4.x
redhat / enterprise_linux_for_real_time_for_nfv_eus	8.2	8.2.x
redhat / virtualization_host_eus	4.2	4.2.x
redhat / enterprise_linux_aus	7.5	7.5.x
huawei / alp-al00b_firmware	-	9.1.0.333\(c00e333r2p1t8\)
huawei / ares-al00b_firmware	-	9.1.0.160\(c00e160r2p5t8\)
huawei / ares-al10d_firmware	-	9.1.0.160\(c00e160r2p5t8\)
huawei / ares-tl00c_firmware	-	9.1.0.165\(c01e165r2p5t8\)
huawei / asoka-al00ax_firmware	-	9.1.1.181\(c00e48r6p1\)
huawei / atomu-l33_firmware	-	8.0.0.147\(c605custc605d1\)
huawei / atomu-l41_firmware	-	8.0.0.153\(c461custc461d1\)
huawei / atomu-l42_firmware	-	8.0.0.155\(c636custc636d1\)
huawei / bla-al00b_firmware	-	9.1.0.329\(c786e320r2p1t8\)
huawei / bla-l29c_firmware	-	9.1.0.300\(c605e2r1p12t8\)
huawei / bla-tl00b_firmware	-	9.1.0.329\(c01e320r1p1t8\)
huawei / barca-al00_firmware	-	8.0.0.366\(c00\)
huawei / berkeley-al20_firmware	-	9.1.0.333\(c00e333r2p1t8\)
huawei / berkeley-l09_firmware	-	9.1.0.332\(c432e5r1p13t8\)
huawei / berkeley-tl10_firmware	-	9.1.0.333\(c01e333r1p1t8\)
huawei / cairogo-l22_firmware	-	cairogo-l22c461b153
huawei / charlotte-l29c_firmware	-	9.1.0.311\(c605e2r1p11t8\)
huawei / columbia-al10b_firmware	-	9.1.0.333\(c00e333r1p1t8\)
huawei / columbia-al10i_firmware	-	9.1.0.335\(c675e8r1p9t8\)
huawei / columbia-l29d_firmware	-	9.1.0.350\(c10e5r1p14t8\)
huawei / columbia-tl00d_firmware	-	8.1.0.186\(c01gt\)
huawei / cornell-al00a_firmware	-	9.1.0.333\(c00e333r1p1t8\)
huawei / cornell-al00i_firmware	-	9.1.0.363\(c675e3r1p9t8\)
huawei / cornell-al00ind_firmware	-	8.2.0.141\(c675custc675d1gt\)
huawei / cornell-al10ind_firmware	-	9.1.0.363\(c675e2r1p9t8\)
huawei / cornell-l29a_firmware	-	9.1.0.336\(c636e2r1p12t8\)
huawei / cornell-tl10b_firmware	-	9.1.0.333\(c01e333r1p1t8\)
huawei / dubai-al00a_firmware	-	8.2.0.190\(c00r2p2\)
huawei / dura-al00a_firmware	-	1.0.0.182\(c00\)
huawei / dura-tl00a_firmware	-	1.0.0.176\(c01\)
huawei / emily-l29c_firmware	8.1.0.156(c605)	8.1.0.156(c605).x
huawei / ever-l29b_firmware	-	9.1.0.338\(c185e3r3p1\)
huawei / figo-l23_firmware	-	9.1.0.160\(c605e6r1p5t8\)
huawei / figo-l31_firmware	8.0.0.122d(c652)	8.0.0.122d(c652).x
huawei / figo-tl10b_firmware	-	9.1.0.130\(c01e115r2p8t8\)
huawei / florida-al20b_firmware	-	9.1.0.128\(c00e112r1p6t8\)
huawei / florida-l21_firmware	-	9.1.0.150\(c185e6r1p5t8\)
huawei / florida-l22_firmware	-	9.1.0.150\(c636e6r1p5t8\)
huawei / florida-l23_firmware	-	9.1.0.154\(c605e7r1p2t8\)
huawei / florida-tl10b_firmware	-	9.1.0.128\(c01e112r1p6t8\)
huawei / honor_20_firmware	-	9.1.0.143\(c675e8r2p1\)
huawei / honor_20_pro_firmware	-	9.1.0.154\(c185e2r5p1\)
huawei / bla-l29c_firmware	-	9.1.0.306\(c185e2r1p13t8\)
huawei / bla-l29c_firmware	-	9.1.0.306\(c432e4r1p11t8\)
huawei / bla-l29c_firmware	-	9.1.0.306\(c636e2r1p13t8\)
huawei / bla-l29c_firmware	-	9.1.0.307\(c635e4r1p13t8\)
huawei / berkeley-l09_firmware	-	9.1.0.350\(c10e3r1p14t8\)
huawei / berkeley-l09_firmware	-	9.1.0.350\(c636e4r1p13t8\)
huawei / charlotte-l29c_firmware	-	9.1.0.325\(c185e4r1p11t8\)
huawei / charlotte-l29c_firmware	-	9.1.0.325\(c636e2r1p12t8\)
huawei / charlotte-l29c_firmware	-	9.1.0.328\(c432e5r1p9t8\)
huawei / charlotte-l29c_firmware	-	9.1.0.328\(c782e10r1p9t8\)
huawei / columbia-l29d_firmware	-	9.1.0.350\(c185e3r1p12t8\)
huawei / columbia-l29d_firmware	-	9.1.0.350\(c461e3r1p11t8\)
huawei / columbia-l29d_firmware	-	9.1.0.350\(c636e3r1p13t8\)
huawei / columbia-l29d_firmware	-	9.1.0.351\(c432e5r1p13t8\)
huawei / cornell-l29a_firmware	-	9.1.0.341\(c185e1r1p9t8\)
huawei / cornell-l29a_firmware	-	9.1.0.342\(c461e1r1p9t8\)
huawei / cornell-l29a_firmware	-	9.1.0.347\(c432e1r1p9t8\)
huawei / emily-l29c_firmware	-	9.1.0.311\(c461e2r1p11t8\)
huawei / emily-l29c_firmware	-	9.1.0.325\(c185e2r1p12t8\)
huawei / emily-l29c_firmware	-	9.1.0.325\(c636e7r1p13t8\)
huawei / emily-l29c_firmware	-	9.1.0.326\(c635e2r1p11t8\)
huawei / emily-l29c_firmware	-	9.1.0.328\(c432e7r1p11t8\)
huawei / figo-l31_firmware	-	9.1.0.122\(c09e7r1p5t8\)
huawei / figo-l31_firmware	-	9.1.0.137\(c33e8r1p5t8\)
huawei / figo-l31_firmware	-	9.1.0.137\(c530e8r1p5t8\)
huawei / figo-l31_firmware	-	9.1.0.158\(c432e8r1p5t8\)
huawei / figo-l31_firmware	-	9.1.0.165\(c10e8r1p5t8\)
huawei / florida-l21_firmware	-	9.1.0.150\(c432e6r1p5t8\)
huawei / honor_20_firmware	-	9.1.0.149\(c675e8r2p1\)
huawei / honor_20_pro_firmware	-	9.1.0.154\(c432e2r5p1\)
huawei / honor_20_pro_firmware	-	9.1.0.154\(c636e2r3p1\)
huawei / honor_20_pro_firmware	-	9.1.0.155\(c10e2r3p1\)
huawei / honor_20_pro_firmware	-	9.1.0.170\(c185e2r5p1\)
huawei / honor_20_pro_firmware	-	9.1.0.170\(c636e2r3p1\)
huawei / honor_20_pro_firmware	-	9.1.0.171\(c10e2r3p1\)
huawei / honor_20_pro_firmware	-	9.1.0.172\(c432e2r5p1\)

Vulnerability Database

289,599

CVE-2019-9506