CVE-2020-10135

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html

http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html

http://seclists.org/fulldisclosure/2020/Jun/5

https://francozappa.github.io/about-bias/

https://kb.cert.org/vuls/id/647177/

https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/

Details

Source: MITRE

Published: 2020-05-19

Updated: 2020-11-02

Type: CWE-287

Risk Information

CVSS v2

Base Score: 4.8

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 6.5

Severity: MEDIUM

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Impact Score: 2.5

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:bluetooth:bluetooth_core:*:*:*:*:br:*:*:* versions up to 5.2 (inclusive)

cpe:2.3:a:bluetooth:bluetooth_core:*:*:*:*:edr:*:*:* versions up to 5.2 (inclusive)

Configuration 2

OR

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
147982Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1)NessusUbuntu Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
144749Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4680-1)NessusUbuntu Local Security Checks
medium
143840SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2623-1)NessusSuSE Local Security Checks
high
143767SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2610-1)NessusSuSE Local Security Checks
high
143433Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4657-1)NessusUbuntu Local Security Checks
high
143431Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4658-1)NessusUbuntu Local Security Checks
high
143429Ubuntu 20.10 : Linux kernel vulnerabilities (USN-4659-1)NessusUbuntu Local Security Checks
high
140475SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2575-1)NessusSuSE Local Security Checks
high
140378SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1)NessusSuSE Local Security Checks
medium
139766openSUSE Security Update : the Linux Kernel (openSUSE-2020-1236)NessusSuSE Local Security Checks
medium
139408SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2152-1)NessusSuSE Local Security Checks
high
139401openSUSE Security Update : the Linux Kernel (openSUSE-2020-1153)NessusSuSE Local Security Checks
critical
139364SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2134-1)NessusSuSE Local Security Checks
high
139363SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2122-1)NessusSuSE Local Security Checks
critical
139361SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2119-1)NessusSuSE Local Security Checks
critical
139308SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2105-1)NessusSuSE Local Security Checks
medium
139137EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1807)NessusHuawei Local Security Checks
high