
CVE-2022-25837: n/a in n/a

High
Tags: Vulnerability · CVE-2022-25837 · CWE-294
Published: Mon Dec 12 2022 (12/12/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.

AI-Powered Analysis

Last updated: 06/21/2025, 16:38:56 UTC

Technical Analysis

CVE-2022-25837 is a high-severity vulnerability affecting the Bluetooth® Core Specification versions 1.0B through 5.3. The flaw arises from the interaction between two different Bluetooth pairing methods: BR/EDR Secure Connections pairing and BR/EDR Legacy PIN code pairing. Specifically, when one device supports Secure Connections pairing and the other uses Legacy PIN code pairing, an unauthenticated man-in-the-middle (MITM) attacker in physical proximity can exploit a pairing method confusion attack. The attacker initiates Secure Simple Pairing in Secure Connections mode with the pairing Initiator device using the Passkey association model, while simultaneously engaging the Responder device using Legacy PIN code pairing. By brute forcing the 6-digit PIN code entered by the user on the Responder device, the attacker can discover the PIN. This PIN can then be reused as the Passkey to complete authentication with the Initiator device.

This attack allows the MITM to intercept and acquire Bluetooth credentials exchanged during pairing without requiring prior authentication or elevated privileges. The vulnerability impacts confidentiality and integrity of Bluetooth communications but does not affect availability. Exploitation requires physical proximity (adjacent access) and user interaction to initiate pairing, with a high attack complexity due to the brute force step.

The vulnerability is tracked under CWE-294 (Improper Authentication) and has a CVSS v3.1 base score of 7.5 (High), reflecting its significant impact on confidentiality and integrity with limited exploitability. No known exploits have been reported in the wild, and no specific vendor or product patches are currently linked, as this is a specification-level issue affecting a broad range of Bluetooth implementations adhering to the affected specification versions.

Potential Impact

For European organizations, this vulnerability poses a significant risk to any Bluetooth-enabled devices that implement the affected Bluetooth Core Specification versions, especially those that support both Secure Connections and Legacy PIN code pairing modes. Potential impacts include unauthorized interception of sensitive data transmitted over Bluetooth, such as credentials, personal information, or proprietary data, leading to confidentiality breaches. Integrity of Bluetooth communications can also be compromised, enabling attackers to manipulate pairing processes or inject malicious data. This is particularly concerning for sectors relying heavily on Bluetooth connectivity, such as manufacturing (industrial IoT devices), healthcare (medical devices), transportation (vehicle systems), and enterprise environments using Bluetooth peripherals. The attack requires physical proximity, so environments with high device density or public access areas are at greater risk. Additionally, the vulnerability could undermine trust in Bluetooth-based authentication mechanisms, potentially disrupting secure device onboarding and communications. While availability is not directly impacted, the breach of confidentiality and integrity can lead to secondary operational disruptions and compliance violations under GDPR and other data protection regulations prevalent in Europe.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Audit and inventory all Bluetooth-enabled devices to identify those supporting affected Bluetooth specification versions and pairing modes.
2) Where possible, disable Legacy PIN code pairing on devices and enforce Secure Connections pairing exclusively, as Legacy PIN code pairing is inherently less secure and facilitates this attack.
3) Update device firmware and software to the latest versions that implement patches or mitigations addressing this vulnerability once available from vendors.
4) Implement physical security controls to restrict unauthorized proximity access to Bluetooth devices, such as secure zones or shielding in sensitive environments.
5) Educate users to avoid pairing Bluetooth devices in public or unsecured areas and to be vigilant about unexpected pairing requests.
6) Monitor Bluetooth pairing logs and network activity for unusual pairing attempts or repeated failed passkey entries indicative of brute force attempts.
7) Engage with device manufacturers and vendors to prioritize updates and request security advisories related to this vulnerability.
8) Consider deploying Bluetooth intrusion detection systems or anomaly detection tools capable of identifying suspicious pairing behaviors.

These measures go beyond generic advice by focusing on eliminating Legacy PIN code pairing, enhancing physical security, and proactive monitoring tailored to this specific attack vector.
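Item 6 above calls for monitoring pairing logs for repeated failed PIN entries. The following is an added example, not code from the advisory or from any vendor, that runs two defender heuristics over a constructed pairing log: a sliding-window count of failed Legacy PIN authentications per peer, and a flag for peers that paired with Secure Connections earlier and later used Legacy PIN pairing (a downgrade consistent with the method-confusion pattern). The log format, peer addresses and method names are assumptions; no real Bluetooth stack emits exactly this format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format:
# <ISO-8601 UTC> peer=<BD_ADDR> method=<legacy_pin|sc_passkey> result=<ok|fail>
SAMPLE_LOG = """\
2025-06-21T10:00:01Z peer=AA:BB:CC:DD:EE:01 method=legacy_pin result=fail
2025-06-21T10:00:02Z peer=AA:BB:CC:DD:EE:01 method=legacy_pin result=fail
2025-06-21T10:00:03Z peer=AA:BB:CC:DD:EE:01 method=legacy_pin result=fail
2025-06-21T10:00:04Z peer=AA:BB:CC:DD:EE:01 method=legacy_pin result=ok
2025-06-21T10:05:00Z peer=AA:BB:CC:DD:EE:02 method=sc_passkey result=ok
2025-06-21T10:06:00Z peer=AA:BB:CC:DD:EE:03 method=sc_passkey result=ok
2025-06-21T10:07:00Z peer=AA:BB:CC:DD:EE:03 method=legacy_pin result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) peer=(?P<peer>(?:[0-9A-F]{2}:){5}[0-9A-F]{2}) "
    r"method=(?P<method>\w+) result=(?P<result>ok|fail)$"
)

def parse_log(text):
    """Return (timestamp, peer, method, result) tuples sorted by time; skip unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["peer"], m["method"], m["result"]))
    return sorted(events)

def find_pin_bruteforce(events, threshold=3, window=timedelta(minutes=10)):
    """Peers with at least `threshold` failed Legacy PIN attempts inside a sliding window."""
    recent = defaultdict(list)   # peer -> timestamps of failures still inside the window
    flagged = set()
    for ts, peer, method, result in events:
        if method != "legacy_pin" or result != "fail":
            continue
        q = recent[peer]
        q.append(ts)
        while ts - q[0] > window:  # discard failures that fell out of the window
            q.pop(0)
        if len(q) >= threshold:
            flagged.add(peer)
    return sorted(flagged)

def find_method_downgrade(events):
    """Peers seen pairing with Secure Connections that later pair with Legacy PIN (heuristic)."""
    sc_capable, flagged = set(), set()
    for _ts, peer, method, _result in events:
        if method == "sc_passkey":
            sc_capable.add(peer)
        elif method == "legacy_pin" and peer in sc_capable:
            flagged.add(peer)
    return sorted(flagged)
```

Both functions return sorted peer address lists so the output can be fed straight into an alerting rule; tune `threshold` and `window` to the pairing rate normal for the environment.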


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-02-24T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9848c4522896dcbf5e6b

Added to database: 5/21/2025, 9:09:28 AM

Last enriched: 6/21/2025, 4:38:56 PM

Last updated: 7/25/2025, 9:25:44 PM
