CVE: CVE-2020-15802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802
Publication Date: 2020-09-16
Summary
Mist products are not impacted by the BLURtooth vulnerability. This vulnerability is related to the use of Cross-Transport Key Derivation (CTKD) for pairing Bluetooth devices.
Affected Products
None of the Mist products are affected by this vulnerability.
- Mist APs only operate the BLE ( Bluetooth Low Energy) capability for location services and AP operations , and do not enable any BT ( Bluetooth) classic functionality. This vulnerability only impacts dual mode operations of BT/BLE.
- Specific to the BLE operations, Mist APs only advertise/scan frames on the advertising channels, which are not impacted by this vulnerability. There is no data channel communication/ pairing with other BLE devices.
For more information, please see:
https://www.kb.cert.org/vuls/id/589825
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/