CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-224 Final 1 1 2020-04-23T00:00:00 Current version 2020-04-23T00:00:00 2020-04-23T00:00:00 The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.This vulnerability only affects Bluetooth BR/EDR mode (aka. Classic mode), and does not impact Bluetooth LE mode (aka. BLE, Smart mode) Information disclosure FortiOS is not impactedFortiAP is not impactedFortiAnalyzer is not impactedFortiManager is not impactedFortiSwitch below 6.4.0 is impacted (*)* only FortiSwitch 424E, 426E and 448E series models under 6.0.x and 6.2.x and when their bluetooth feature been enabled and used then impacted. Upgrade to FortiSwitch 6.4.0Starting from FortiSwitch 6.4.0, a new CLI option "min-key-length" was added:config system bluetoothset min-key-length [length] / default length value is 7, allow 1 to 16 /endsystem will check the "pin" length based on min-key-length setting.Workaround:For FortiSwitch below 6.4.0, ensure the Bluetooth pair pin length is at least 7 characters:config system bluetoothset pin xxxxxxx / ensure pin length >= 7 characters /endRevision History:2020-04-17 Initial Version2020-04-23 Detail the FortiSwitch impact models and condition. https://fortiguard.fortinet.com/psirt/FG-IR-19-224 CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability https://www.kb.cert.org/vuls/id/918987/ https://www.kb.cert.org/vuls/id/918987/ CVE-2019-9506 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-19-224 CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability Reference> https://www.kb.cert.org/vuls/id/918987/ https://www.kb.cert.org/vuls/id/918987/