AIROC™ Bluetooth Forum Discussions

HiNa_2357246
Level 5

Hello,

There seem to be no community blog posts about CVE-2022-25836, but would enabling "LE Secure Connections only" suffice to counter this vulnerability?

 

Regards,

0 Likes
1 Solution
advait_kulkarni
Moderator

Hi @HiNa_2357246 ,

This CVE does not affect our products. You can search on our community for "CVE" or "Security Bulletin" and you will see the CVEs we have fixed in our products, for example: https://community.infineon.com/t5/Blogs/Security-Bulletin-Public-Statement-on-Bluetooth-SIG-Member-S... If any CVE is not found there, then it's probably because it does not affect our products.

For your case, LE secure with MITM authenticated pairing is to prevent this vulnerability. You need to set these capabilities in the BTM_PAIRING_IO_CAPABILITIES_BLE_REQUEST_EVT.

Thanks and regards,

Advait Kulkarni


0 Likes
2 Replies
wasu
Level 3
 
"LE Secure Connections only" together with "authenticated pairing" will prevent this issue.
 
"LE Secure Connections only" will encrypt data to protect against eavesdropping.
 
"authenticated pairing" will protect against MITM attacks.
 
0 Likes
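
An added example, not taken from the posts above or from Infineon's SDK: a self-contained C model of the check both replies describe, that a pairing negotiates LE Secure Connections and ends up authenticated. The struct, function names and sample devices are assumptions; the AuthReq bits and the association-model table follow the SMP rules in the Bluetooth Core Specification, with no OOB data assumed. It goes a little beyond the thread by showing that requesting MITM protection on a NoInputNoOutput device still results in unauthenticated Just Works.

```c
#include <stdint.h>
#include <stdio.h>

/* SMP AuthReq flag bits and IO capability codes (Bluetooth Core Spec, Vol 3, Part H). */
#define AUTHREQ_MITM 0x04
#define AUTHREQ_SC   0x08
enum io_cap { DISPLAY_ONLY, DISPLAY_YESNO, KEYBOARD_ONLY, NO_IO, KEYBOARD_DISPLAY };
enum method { JUST_WORKS, PASSKEY_ENTRY, NUMERIC_COMPARISON };
enum verdict { ACCEPT, REJECT_BAD_IO_CAP, REJECT_NOT_SC, REJECT_UNAUTHENTICATED, REJECT_KEY_SIZE };

/* Hypothetical model of the fields one side sends in Pairing Request/Response. */
struct pairing_params { uint8_t io_cap, auth_req, max_key_size; };

enum { J = JUST_WORKS, P = PASSKEY_ENTRY, N = NUMERIC_COMPARISON };
/* LE Secure Connections association model, no OOB data: [initiator][responder]. */
static const uint8_t sc_map[5][5] = {
    /* DisplayOnly     */ { J, J, P, J, P },
    /* DisplayYesNo    */ { J, N, P, J, N },
    /* KeyboardOnly    */ { P, P, P, J, P },
    /* NoInputNoOutput */ { J, J, J, J, J },
    /* KeyboardDisplay */ { P, N, P, J, N },
};

/* IO capabilities are consulted only when at least one side sets the MITM flag. */
enum method sc_method(const struct pairing_params *i, const struct pairing_params *r) {
    if (i->io_cap > KEYBOARD_DISPLAY || r->io_cap > KEYBOARD_DISPLAY) return JUST_WORKS;
    if (!((i->auth_req | r->auth_req) & AUTHREQ_MITM)) return JUST_WORKS;
    return (enum method)sc_map[i->io_cap][r->io_cap];
}

/* Policy: both sides offer SC, the association model is authenticated, key is 128-bit. */
enum verdict sc_only_policy(const struct pairing_params *i, const struct pairing_params *r) {
    if (i->io_cap > KEYBOARD_DISPLAY || r->io_cap > KEYBOARD_DISPLAY) return REJECT_BAD_IO_CAP;
    if (!(i->auth_req & r->auth_req & AUTHREQ_SC)) return REJECT_NOT_SC; /* legacy fallback */
    if (sc_method(i, r) == JUST_WORKS) return REJECT_UNAUTHENTICATED;
    if (i->max_key_size < 16 || r->max_key_size < 16) return REJECT_KEY_SIZE;
    return ACCEPT;
}

int main(void) {
    /* Constructed samples: AuthReq 0x0D = Bonding | MITM | SC. */
    struct pairing_params phone  = { KEYBOARD_DISPLAY, 0x0D, 16 };
    struct pairing_params sensor = { NO_IO, 0x0D, 16 };  /* asks for MITM, has no I/O */
    struct pairing_params lock   = { DISPLAY_YESNO, 0x0D, 16 };
    printf("phone<->sensor verdict: %d\n", sc_only_policy(&phone, &sensor));
    printf("phone<->lock verdict:   %d\n", sc_only_policy(&phone, &lock));
    return 0;
}
```
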