- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
There seems to be no community Blog posts about CVE-2022-25836 but would enabling "LE Secure Connections only" should suffice to counter this vulnerability?
Regards,
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @HiNa_2357246 ,
This CVE does not affect our products. You can search on our community for "CVE" or "Security Bulletin" and you will see the CVEs we have fixed in our products, for example: https://community.infineon.com/t5/Blogs/Security-Bulletin-Public-Statement-on-Bluetooth-SIG-Member-S... If any CVE is not found there then its probably because they do not affect our products.
For your case, LE secure with MITM authenticated pairing is to prevent this vulnerability. You need to set these capabilities in the BTM_PAIRING_IO_CAPABILITIES_BLE_REQUEST_EVT.
Thanks and regards,
Advait Kulkarni
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @HiNa_2357246 ,
This CVE does not affect our products. You can search on our community for "CVE" or "Security Bulletin" and you will see the CVEs we have fixed in our products, for example: https://community.infineon.com/t5/Blogs/Security-Bulletin-Public-Statement-on-Bluetooth-SIG-Member-S... If any CVE is not found there then its probably because they do not affect our products.
For your case, LE secure with MITM authenticated pairing is to prevent this vulnerability. You need to set these capabilities in the BTM_PAIRING_IO_CAPABILITIES_BLE_REQUEST_EVT.
Thanks and regards,
Advait Kulkarni