Inquiry Regarding BLUFFS CVE Vulnerability

Hi,

My name is Niteen Borge, and I am reaching out from Imprivata Inc. We currently use Nordic products in our systems, and we are inquiring about their vulnerability status to the new CVE "BLUFFS" (https://nvd.nist.gov/vuln/detail/CVE-2023-24023).

The Bluetooth model is nRF52840-CKAA. Could you please provide information on whether Nordic products are affected by this CVE? Additionally, if there are any recommended actions or updates to address this vulnerability, I would greatly appreciate your guidance.

Thank you for your assistance, and I look forward to hearing from you soon.

Best regards,

Niteen

Reply
  • If you used the same security (key len) values from the SDK examples, you will be vulnerable. These set the min key strength to 7 for maximum interoperability (and compatibility with international laws).

    Your developer is free to set the value to 16 in your custom firmware which would fix the issue AFAIK. Using unmodified example code is not advisable in any case.
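
Added example, not part of the reply above and not Nordic's code: a small source audit that flags any `min_key_size` assignment resolving to less than 16, the value the reply recommends. The sample firmware snippet is constructed, and the macro and field names in it (`SEC_PARAM_MIN_KEY_SIZE`, `ble_gap_sec_params_t`, `min_key_size`) are assumptions modeled on SDK example code; adjust them to your own firmware.

```python
import re

REQUIRED_MIN = 16  # minimum key size the reply recommends
NUM = r'(0[xX][0-9a-fA-F]+|[1-9]\d*|0)[uUlL]*'
NUM_RE = re.compile(NUM)
# "#define NAME 7": body must be a single integer literal
DEFINE_RE = re.compile(r'^\s*#\s*define\s+(\w+)\s+\(?\s*' + NUM + r'\s*\)?\s*$')
# "x.min_key_size = NAME;" or ".min_key_size = 7," (never "==")
ASSIGN_RE = re.compile(r'\bmin_key_size\s*=\s*(\w+)\s*[;,]')

# Constructed sample input; macro and field names are assumptions.
SAMPLE = '''\
#define SEC_PARAM_MIN_KEY_SIZE 7   /**< Minimum encryption key size. */
#define SEC_PARAM_MAX_KEY_SIZE 16  /**< Maximum encryption key size. */

static void peer_manager_init(void)
{
    ble_gap_sec_params_t sec_param;
    sec_param.min_key_size = SEC_PARAM_MIN_KEY_SIZE;
    sec_param.max_key_size = SEC_PARAM_MAX_KEY_SIZE;
}
'''

def strip_comments(src):
    """Remove C comments but keep newlines so line numbers stay valid."""
    src = re.sub(r'/\*.*?\*/', lambda m: '\n' * m.group().count('\n'),
                 src, flags=re.S)
    return re.sub(r'//[^\n]*', '', src)

def resolve(token, macros):
    """Integer value of a literal or a known macro, else None."""
    m = NUM_RE.fullmatch(token)
    return int(m.group(1), 0) if m else macros.get(token)

def audit_min_key_size(src):
    """Return [(line_no, value)]; value is None if it cannot be resolved."""
    lines = strip_comments(src).splitlines()
    macros = {}
    for line in lines:
        m = DEFINE_RE.match(line)
        if m:
            macros[m.group(1)] = int(m.group(2), 0)
    findings = []
    for no, line in enumerate(lines, 1):
        m = ASSIGN_RE.search(line)
        if m:
            value = resolve(m.group(1), macros)
            if value is None or value < REQUIRED_MIN:
                findings.append((no, value))  # too small, or unknown
    return findings
```

Calling `audit_min_key_size(SAMPLE)` reports the assignment on line 7 with value 7; an unresolved name is reported with `None` so it gets a manual look rather than a silent pass.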