CVE-2022-38788
CVSS v3.1 Vector:AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (5,5)
[Description]
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B with software version 1.2104.00.0281.
Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key).
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
Nokia
[Affected Product Code Base]
Nokia FastMile 5G Receiver 5G14-B
Found in Software Version: 1.2104.00.0281
Pathed in: 1.2202.00.0266
[Attack Type Other]
Bluetooth
[Impact Information Disclosure]
true
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Reference]
https://www.nokia.com/notices/responsible-disclosure/
Product page: https://www.nokia.com/networks/products/fastmile-5g-receiver/
[Discoverer]
Daniel Wong