CVE-2020-26558

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

References

https://kb.cert.org/vuls/id/799380

https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

https://lists.fedoraproject.org/archives/list/[email protected]/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html

Details

Source: MITRE

Published: 2021-05-24

Updated: 2021-08-07

Type: CWE-287

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 5.5

Severity: MEDIUM

CVSS v3

Base Score: 4.2

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Impact Score: 2.5

Exploitability Score: 1.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:* versions from 2.1 to 5.2 (inclusive)

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Tenable Plugins

View all (30 total)

IDNameProductFamilySeverity
155106RHEL 8 : bluez (RHSA-2021:4432)NessusRed Hat Local Security Checks
medium
155034CentOS 8 : bluez (CESA-2021:4432)NessusCentOS Local Security Checks
medium
153129Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5017-1)NessusUbuntu Local Security Checks
high
152774Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5050-1)NessusUbuntu Local Security Checks
medium
152665Ubuntu 20.04 LTS / 21.04 : Linux kernel vulnerabilities (USN-5046-1)NessusUbuntu Local Security Checks
medium
152271Debian DSA-4951-1 : bluez - security updateNessusDebian Local Security Checks
high
152055SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2451-1)NessusSuSE Local Security Checks
high
151998SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2422-1)NessusSuSE Local Security Checks
high
151996SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2426-1)NessusSuSE Local Security Checks
high
151989SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2427-1)NessusSuSE Local Security Checks
high
151986SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1)NessusSuSE Local Security Checks
high
151935openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2427-1)NessusSuSE Local Security Checks
high
151920Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-5018-1)NessusUbuntu Local Security Checks
high
151897Slackware 14.2 : Slackware 14.2 kernel (SSA:2021-202-01)NessusSlackware Local Security Checks
high
151878SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2406-1)NessusSuSE Local Security Checks
high
151793Amazon Linux 2 : kernel (ALAS-2021-1685)NessusAmazon Linux Local Security Checks
medium
151743openSUSE 15 Security Update : bluez (openSUSE-SU-2021:2291-1)NessusSuSE Local Security Checks
medium
151658SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2349-1)NessusSuSE Local Security Checks
high
151653SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:2324-1)NessusSuSE Local Security Checks
high
151652SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:2325-1)NessusSuSE Local Security Checks
high
151649SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2321-1)NessusSuSE Local Security Checks
high
151617SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2303-1)NessusSuSE Local Security Checks
high
151531SUSE SLED15 / SLES15 Security Update : bluez (SUSE-SU-2021:2291-1)NessusSuSE Local Security Checks
medium
151200SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2202-1)NessusSuSE Local Security Checks
high
151125SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:2184-1)NessusSuSE Local Security Checks
high
151044Debian DLA-2692-1 : bluez security updateNessusDebian Local Security Checks
medium
150985Debian DLA-2689-1 : linux security updateNessusDebian Local Security Checks
high
150984Debian DLA-2690-1 : linux-4.19 security updateNessusDebian Local Security Checks
high
150846Ubuntu 16.04 LTS : BlueZ vulnerabilities (USN-4989-2)NessusUbuntu Local Security Checks
high
150809Ubuntu 18.04 LTS / 20.04 LTS : BlueZ vulnerabilities (USN-4989-1)NessusUbuntu Local Security Checks
high