CVE-2019-9506 Encryption Key Negotiation of Bluetooth (KNOB) Vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-224
Final
1
1
2020-04-23T00:00:00
Current version
2020-04-23T00:00:00
2020-04-23T00:00:00
The Bluetooth BR/EDR specification up to and including version 5.1 permits a sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. This vulnerability only affects Bluetooth BR/EDR mode (aka Classic mode) and does not impact Bluetooth LE mode (aka BLE, Smart mode).
Information Disclosure
FortiOS is not impacted.
FortiAP is not impacted.
FortiAnalyzer is not impacted.
FortiManager is not impacted.
FortiSwitch below 6.4.0 is impacted (*)
(*) Only the FortiSwitch 424E, 426E and 448E series models running 6.0.x or 6.2.x are impacted, and only when their Bluetooth feature has been enabled and used.
Upgrade to FortiSwitch 6.4.0.
Starting from FortiSwitch 6.4.0, a new CLI option "min-key-length" was added:
config system bluetooth
    set min-key-length [length]    /* default length value is 7, allowed range 1 to 16 */
end
The system then checks the Bluetooth pairing "pin" length against the min-key-length setting.
Workaround:
For FortiSwitch below 6.4.0, ensure the Bluetooth pairing PIN length is at least 7 characters:
config system bluetooth
    set pin xxxxxxx    /* ensure pin length >= 7 characters */
end
Revision History:
2020-04-17 Initial Version
2020-04-23 Detail the FortiSwitch impact models and condition.
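The following model, added here as an illustration and not code from Fortinet or the Bluetooth SIG, ties the description above (an attacker steering the key length negotiation down to a brute-forceable size) to the fix (a minimum key length that the link must meet). It keeps only the negotiation property KNOB abuses, namely that a BR/EDR link settles on the smallest key size either side proposes anywhere in the spec's 1..16 octet range, and uses a SHA-256 counter-mode keystream as a stand-in for the real E0 cipher. The link key, nonce and "predictable header" are constructed inputs; the `mitm` callback, `link_allowed` policy check and `demo` function are assumptions made for the example.

```python
"""KNOB (CVE-2019-9506) in miniature: how the BR/EDR key-size negotiation
lets an in-path attacker shrink the encryption key, why a 1-octet key
falls to brute force, and how a min-key-length policy refuses the link.

Added example, not Fortinet or Bluetooth SIG code. The negotiation model
keeps only the property KNOB abuses (the link settles on the smallest
size either side proposes, anywhere in 1..16 octets); the stream cipher
is a SHA-256 stand-in for E0, constructed here for illustration.
"""
import hashlib

MAX_KEY_BYTES = 16          # spec maximum entropy, in octets
SPEC_MIN_KEY_BYTES = 1      # spec (<= 5.1) still accepts a single octet


def negotiate_key_size(initiator_max, responder_max, mitm=None):
    """Return the key size (octets) the two radios agree on.

    Each side accepts any size it can support, so the lower proposal wins.
    `mitm`, when given, rewrites the LMP messages in both directions, which
    is what KNOB does: both sides end up believing the peer only supports
    a tiny key. (Hypothetical hook for the example, not a real API.)
    """
    proposal = initiator_max
    if mitm is not None:
        proposal = mitm(proposal)               # request tampered on the way out
    agreed = min(proposal, responder_max)
    if mitm is not None:
        agreed = mitm(agreed)                   # answer tampered on the way back
    if not SPEC_MIN_KEY_BYTES <= agreed <= MAX_KEY_BYTES:
        raise ValueError("key size outside spec range 1..16")
    return agreed


def link_allowed(negotiated, min_key_length=7):
    """Mitigation: refuse to bring up encryption below policy.

    Mirrors the min-key-length option in the advisory (default 7, range
    1..16): the negotiation still happens, but its result is checked.
    """
    if not 1 <= min_key_length <= MAX_KEY_BYTES:
        raise ValueError("min-key-length must be within 1..16")
    return negotiated >= min_key_length


def reduce_entropy(link_key, size):
    """Stand-in for the spec's entropy reduction: keep `size` octets and zero
    the rest. The real reduction is a polynomial mapping, but the attacker's
    search space is the same 256**size either way."""
    assert len(link_key) == MAX_KEY_BYTES
    return link_key[:size] + bytes(MAX_KEY_BYTES - size)


def keystream(key, nonce, length):
    """SHA-256 counter-mode stand-in for E0; not the real cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor_crypt(key, nonce, data):
    """Stream cipher: encryption and decryption are the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def brute_force(ciphertext, nonce, key_size, known_prefix):
    """Recover the reduced key by trying all 256**key_size candidates against
    a known plaintext prefix (a predictable header is enough). Returns the
    key and the number of trials, or (None, space) if nothing matched."""
    space = 256 ** key_size
    for candidate in range(space):
        key = candidate.to_bytes(key_size, "big") + bytes(MAX_KEY_BYTES - key_size)
        if xor_crypt(key, nonce, ciphertext[: len(known_prefix)]) == known_prefix:
            return key, candidate + 1
    return None, space


def demo():
    """Walk through the attack and the mitigation; returns the key facts."""
    link_key = bytes([0x2A]) + bytes(range(1, 16))   # constructed, not random
    nonce = b"\x00" * 4                              # constructed
    header = b"\x08\x00\x01\x00"    # constructed: predictable L2CAP-style header
    payload = header + b"secret payload"

    honest = negotiate_key_size(16, 16)                        # 16 octets
    attacked = negotiate_key_size(16, 16, mitm=lambda _n: 1)   # KNOB: 1 octet

    weak_key = reduce_entropy(link_key, attacked)
    ct = xor_crypt(weak_key, nonce, payload)
    recovered, trials = brute_force(ct, nonce, attacked, header)

    return {
        "honest_size": honest,
        "attacked_size": attacked,
        "blocked_by_policy": not link_allowed(attacked, min_key_length=7),
        "recovered": recovered == weak_key,
        "trials": trials,
        "plaintext": xor_crypt(recovered, nonce, ct) if recovered else None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script shows the honest link agreeing on 16 octets, the tampered one on 1 octet, the 1-octet key recovered after at most 256 trials from a 4-byte known header, and the same tampered link refused by `link_allowed` at the advisory's default of 7. Raising the floor to 7 octets puts the search at 256**7 candidates, which is the point of the min-key-length option: the negotiation is still attacker-influenced, but a result below policy never becomes an encrypted link.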
https://fortiguard.fortinet.com/psirt/FG-IR-19-224
https://www.kb.cert.org/vuls/id/918987/
FortiSwitch 6.2.7
FortiSwitch 6.2.6
FortiSwitch 6.2.5
FortiSwitch 6.2.4
FortiSwitch 6.2.3
FortiSwitch 6.2.2
FortiSwitch 6.0.7
FortiSwitch 6.0.6
FortiSwitch 6.0.5
CVE-2019-9506
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X