CVE-2022-38788

4.3MEDIUM

Key Information:

Vendor: Nokia
Status: Fastmile 5g Receiver Firmware
Vendor: CVE Published:; 15 September 2022

Summary

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key).

References

https://www.nokia.com/notices/responsible-disclosure/

x_refsource_MISC

https://github.com/ProxyStaffy/Nokia-FastMile-5G-Receiver...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2022
Vulnerability Reserved
Aug 27, 2022

Collectors

NVD DatabaseMitre Database