Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.
History
21 Nov 2024, 04:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html - Broken Link, Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html - Broken Link, Mailing List, Third Party Advisory | |
References | () http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html - Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2020/Jun/5 - Exploit, Mailing List, Third Party Advisory | |
References | () https://francozappa.github.io/about-bias/ - Third Party Advisory | |
References | () https://kb.cert.org/vuls/id/647177/ - Third Party Advisory, US Government Resource | |
References | () https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/ - Vendor Advisory | |
Information
Published : 2020-05-19 16:15
Updated : 2024-11-21 04:54
NVD link : CVE-2020-10135
Mitre link : CVE-2020-10135
CVE.ORG link : CVE-2020-10135
Products Affected
bluetooth
- bluetooth_core
opensuse
- leap