5.4
CVE-2020-26555
- EPSS 0.89%
- Veröffentlicht 24.05.2021 18:15:07
- Zuletzt bearbeitet 04.11.2025 20:15:57
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bluetooth ≫ Bluetooth Core Specification Version >= 1.1b <= 5.2
Fedoraproject ≫ Fedora Version34
Intel ≫ Ax210 Firmware Version-
Intel ≫ Ax201 Firmware Version-
Intel ≫ Ax200 Firmware Version-
Intel ≫ Ac 9560 Firmware Version-
Intel ≫ Ac 9462 Firmware Version-
Intel ≫ Ac 9461 Firmware Version-
Intel ≫ Ac 9260 Firmware Version-
Intel ≫ Ac 8265 Firmware Version-
Intel ≫ Ac 8260 Firmware Version-
Intel ≫ Ac 3168 Firmware Version-
Intel ≫ Ac 7265 Firmware Version-
Intel ≫ Ac 3165 Firmware Version-
Intel ≫ Killer Wi-fi 6e Ax1675 Firmware Version-
Intel ≫ Killer Wi-fi 6 Ax1650 Firmware Version-
Intel ≫ Killer Ac 1550 Firmware Version-
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.89% | 0.545 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 4.8 | 6.5 | 4.9 |
AV:A/AC:L/Au:N/C:P/I:P/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
https://kb.cert.org/vuls/id/799380
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html
https://www.kb.cert.org/vuls/id/799380