CVE-2020-26560: 
Linux Ubuntu vulnerability analysis and mitigation

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile versions 1.0 and 1.0.1 contains a security vulnerability identified as CVE-2020-26560. The vulnerability allows a nearby device to complete authentication by reflecting the authentication evidence from a Provisioner without possessing the AuthValue, potentially gaining unauthorized access to NetKey and AppKey (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. The attack requires adjacent access (AV:A) with low attack complexity (AC:L), requires no privileges (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U), with high impact on confidentiality (C:H) and integrity (I:H), but no impact on availability (A:N) (NVD).

If successfully exploited, an attacker within wireless range could impersonate a device being provisioned and gain unauthorized access to the network's NetKey and potentially AppKey. This could lead to unauthorized access to the Bluetooth mesh network and compromise of network security (CERT VU).

The Bluetooth SIG recommends that potentially vulnerable mesh provisioners restrict the authentication procedure and not accept provisioning both random and confirmation numbers from a remote peer that are the same as those selected by the local device (Bluetooth Security).