Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-26558

Опубликовано: 24 мая 2021
Источник: nvd
CVSS3: 4.2
CVSS2: 4.3
EPSS Низкий

Описание

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*
Версия от 2.1 (включая) до 5.2 (включая)
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 5.13 (исключая)
Конфигурация 5

Одновременно

cpe:2.3:o:intel:ax210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax210:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:intel:ax201_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

cpe:2.3:o:intel:ax200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*
Конфигурация 8

Одновременно

cpe:2.3:o:intel:ac_9560_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*
Конфигурация 9

Одновременно

cpe:2.3:o:intel:ac_9462_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*
Конфигурация 10

Одновременно

cpe:2.3:o:intel:ac_9461_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*
Конфигурация 11

Одновременно

cpe:2.3:o:intel:ac_9260_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9260:-:*:*:*:*:*:*:*
Конфигурация 12

Одновременно

cpe:2.3:o:intel:ac_8265_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_8265:-:*:*:*:*:*:*:*
Конфигурация 13

Одновременно

cpe:2.3:o:intel:ac_8260_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_8260:-:*:*:*:*:*:*:*
Конфигурация 14

Одновременно

cpe:2.3:o:intel:ac_3168_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_3168:-:*:*:*:*:*:*:*
Конфигурация 15

Одновременно

cpe:2.3:o:intel:ac_7265_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_7265:-:*:*:*:*:*:*:*
Конфигурация 16

Одновременно

cpe:2.3:o:intel:ac_3165_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_3165:-:*:*:*:*:*:*:*
Конфигурация 17

Одновременно

cpe:2.3:o:intel:ax1675_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax1675:-:*:*:*:*:*:*:*
Конфигурация 18

Одновременно

cpe:2.3:o:intel:ax1650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax1650:-:*:*:*:*:*:*:*
Конфигурация 19

Одновременно

cpe:2.3:o:intel:ac_1550_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_1550:-:*:*:*:*:*:*:*

EPSS

Процентиль: 6%
0.00023
Низкий

4.2 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

ubuntu логотип

CVE-2020-26558

CVSS3: 4.2
ubuntu
больше 4 лет назад

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

redhat логотип

CVE-2020-26558

CVSS3: 4.2
redhat
больше 4 лет назад

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

msrc логотип

CVE-2020-26558

CVSS3: 4.2
msrc
почти 4 года назад

Описание отсутствует

debian логотип

CVE-2020-26558

CVSS3: 4.2
debian
больше 4 лет назад

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification ...

github логотип

GHSA-7g33-jchx-2fjc

CVSS3: 4.2
github
больше 3 лет назад

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

EPSS

Процентиль: 6%
0.00023
Низкий

4.2 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287