Mist Security Advisory – BLURtooth Attack

CVE: CVE-2020-15802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802
Publication Date: 2020-09-16

Summary

Mist products are not impacted by the BLURtooth vulnerability. This vulnerability is related to the use of Cross-Transport Key Derivation (CTKD) for pairing Bluetooth devices.

Affected Products

None of the Mist products are affected by this vulnerability.

  1. Mist APs only operate the BLE ( Bluetooth Low Energy) capability for location services and AP operations , and do not enable any BT ( Bluetooth) classic functionality. This vulnerability only impacts dual mode operations of BT/BLE.
  2. Specific to the BLE operations, Mist APs only advertise/scan frames on the advertising channels, which are not impacted by this vulnerability. There is no data channel communication/ pairing with other BLE devices.

 

For more information, please see:

https://www.kb.cert.org/vuls/id/589825

https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/