Lucene search

[email protected]CVE-2020-26558

HistoryMay 24, 2021 - 6:15 p.m.

CVE-2020-26558

2021-05-2418:15:07

CWE-287

[email protected]

web.nvd.nist.gov

362

cve

2020

26558

bluetooth

vulnerability

man-in-the-middle

attack

4.3 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

4.2 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.5%

JSON

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

Affected configurations

NVD

Node

bluetoothbluetooth_core_specificationRange2.1–5.2

Node

fedoraprojectfedoraMatch34

Node

debiandebian_linuxMatch9.0

Node

linuxlinux_kernelRange<5.13

Node

intelax210_firmwareMatch-

AND

intelax210Match-

Node

intelax201_firmwareMatch-

AND

intelax201Match-

Node

intelax200_firmwareMatch-

AND

intelax200Match-

Node

intelac_9560_firmwareMatch-

AND

intelac_9560Match-

Node

intelac_9462_firmwareMatch-

AND

intelac_9462Match-

Node

intelac_9461_firmwareMatch-

AND

intelac_9461Match-

Node

intelac_9260_firmwareMatch-

AND

intelac_9260Match-

Node

intelac_8265_firmwareMatch-

AND

intelac_8265Match-

Node

intelac_8260_firmwareMatch-

AND

intelac_8260Match-

Node

intelac_3168_firmwareMatch-

AND

intelac_3168Match-

Node

intelac_7265_firmwareMatch-

AND

intelac_7265Match-

Node

intelac_3165_firmwareMatch-

AND

intelac_3165Match-

Node

intelax1675_firmwareMatch-

AND

intelax1675Match-

Node

intelax1650_firmwareMatch-

AND

intelax1650Match-

Node

intelac_1550_firmwareMatch-

AND

intelac_1550Match-

CPENameOperatorVersion
bluetooth:bluetooth_core_specificationbluetooth bluetooth core specificationle5.2

CPE	Name	Operator	Version
bluetooth:bluetooth_core_specification	bluetooth bluetooth core specification	le	5.2

References

kb.cert.org/vuls/id/799380

lists.debian.org/debian-lts-announce/2021/06/msg00019.html

lists.debian.org/debian-lts-announce/2021/06/msg00020.html

lists.debian.org/debian-lts-announce/2021/06/msg00022.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/

security.gentoo.org/glsa/202209-16

www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

www.debian.org/security/2021/dsa-4951

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html

Social References

4.3 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

4.2 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.5%

JSON

Related for CVE-2020-26558