Lucene search

Redhat.comRH:CVE-2020-9770

HistorySep 24, 2020 - 3:46 a.m.

CVE-2020-9770

2020-09-2403:46:26

redhat.com

access.redhat.com

logic issue

state management

ios 13.4

ipados 13.4

bluetooth interception

privileged network

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.1%

JSON

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.

Mitigation

Bluetooth Low Energy can be disabled altogether if it is not required, using the configuration below. This will prevent BLE devices from connecting with the host, disabling this attack

ControllerMode=bredr

References

bugzilla.redhat.com/show_bug.cgi?id=1879820

nvd.nist.gov/vuln/detail/CVE-2020-9770

www.cve.org/CVERecord?id=CVE-2020-9770

www.usenix.org/system/files/woot20-paper-wu-updated.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.1%

JSON

Related for RH:CVE-2020-9770