Bluetooth Vulnerability in Nokia FastMile 5G Receiver
CVE-2022-38788

4.3MEDIUM

Key Information:

Vendor: Nokia
Status: Fastmile 5g Receiver Firmware
Vendor: CVE Published:; 15 September 2022

Summary

A security flaw has been identified in the Nokia FastMile 5G Receiver, specifically in the Bluetooth functionality of the device. The outdated pairing mechanisms allow an attacker to passively capture pairing handshakes. By performing offline cracking on the intercepted data, the attacker can obtain sensitive credentials, including the PIN and long-term key (LTK). This vulnerability poses a significant risk to the confidentiality of communications over Bluetooth, highlighting the importance of modern cryptographic practices in ensuring device security.

References

https://www.nokia.com/notices/responsible-disclosure/

x_refsource_MISC

https://github.com/ProxyStaffy/Nokia-FastMile-5G-Receiver...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2022
Vulnerability Reserved
Aug 27, 2022