redhatcve | Redhat.com | RH:CVE-2020-10134
History: Apr 06, 2023 - 6:44 a.m.

CVE-2020-10134

bluetooth protocol flaw, man-in-the-middle attack, secure connections, simple pairing, oob pairing, disabling bluetooth

EPSS: 0.001 (Low), percentile 21.6%

A flaw was discovered in the Bluetooth protocol affecting the Bluetooth LE Secure Connections pairing and the BR/EDR Secure Simple Pairing. An attacker with physical access to the Bluetooth connection could perform a man-in-the-middle attack between two devices using the Numeric Comparison and Passkey pairing association models. This attack may result in the man-in-the-middle becoming authenticated with the attacked devices and being able to initiate any Bluetooth operation exposed by the enabled Bluetooth profiles.

Mitigation

Use the Out of Band (OOB) pairing mechanism if possible. Disabling Bluetooth may be a suitable alternative for some environments; please refer to the Red Hat knowledgebase solution [1] for how to disable Bluetooth in Red Hat Enterprise Linux.

[1] <https://access.redhat.com/solutions/2682931>
