CVE-2020-10135

Опубликовано: 19 мая 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 4.8

EPSS Средний

Описание

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
Broken Link
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
Broken Link
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Jun/5
Exploit
Mailing List
Third Party Advisory
https://francozappa.github.io/about-bias/
Third Party Advisory
https://kb.cert.org/vuls/id/647177/
Third Party Advisory
US Government Resource
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
Broken Link
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
Broken Link
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Jun/5
Exploit
Mailing List
Third Party Advisory
https://francozappa.github.io/about-bias/
Third Party Advisory
https://kb.cert.org/vuls/id/647177/
Third Party Advisory
US Government Resource
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bluetooth:bluetooth_core:*:*:*:*:br:*:*:*

Версия до 5.2 (включая)

cpe:2.3:a:bluetooth:bluetooth_core:*:*:*:*:edr:*:*:*

Версия до 5.2 (включая)

Конфигурация 2

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.14864

Средний

5.4 Medium

CVSS3

4.8 Medium

CVSS2

Дефекты

CWE-757

CWE-290

Связанные уязвимости

CVE-2020-10135

CVSS3: 5.4

ubuntu

около 5 лет назад

CVE-2020-10135

CVSS3: 5.4

redhat

около 5 лет назад

CVE-2020-10135

CVSS3: 5.4

debian

около 5 лет назад

Legacy pairing and secure-connections pairing authentication in Blueto ...

GHSA-mg6c-h9c4-rcc2

CVSS3: 5.4

github

около 3 лет назад

Legacy pairing and secure-connections pairing authentication in BluetoothÂ® BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

BDU:2021-00474

CVSS3: 5.4

fstec

около 5 лет назад

Уязвимость реализации протокола согласования ключей шифрования Bluetooth BR/EDR, связанная с недостатками процедуры аутентификации, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

EPSS

Процентиль: 94%

0.14864

Средний

5.4 Medium

CVSS3

4.8 Medium

CVSS2

Дефекты

CWE-757

CWE-290