Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cypress Subscribe
Filtered by product Psoc 4.2 Ble
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11957 1 Cypress 1 Psoc 4.2 Ble 2020-06-22 5.4 MEDIUM 7.5 HIGH
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing.