4.3

CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BluetoothBluetooth Core Specification Version >= 2.1 <= 5.2
FedoraprojectFedora Version34
DebianDebian Linux Version9.0
LinuxLinux Kernel Version < 5.13
IntelAx210 Firmware Version-
   IntelAx210 Version-
IntelAx201 Firmware Version-
   IntelAx201 Version-
IntelAx200 Firmware Version-
   IntelAx200 Version-
IntelAc 9560 Firmware Version-
   IntelAc 9560 Version-
IntelAc 9462 Firmware Version-
   IntelAc 9462 Version-
IntelAc 9461 Firmware Version-
   IntelAc 9461 Version-
IntelAc 9260 Firmware Version-
   IntelAc 9260 Version-
IntelAc 8265 Firmware Version-
   IntelAc 8265 Version-
IntelAc 8260 Firmware Version-
   IntelAc 8260 Version-
IntelAc 3168 Firmware Version-
   IntelAc 3168 Version-
IntelAc 7265 Firmware Version-
   IntelAc 7265 Version-
IntelAc 3165 Firmware Version-
   IntelAc 3165 Version-
IntelAx1675 Firmware Version-
   IntelAx1675 Version-
IntelAx1650 Firmware Version-
   IntelAx1650 Version-
IntelAc 1550 Firmware Version-
   IntelAc 1550 Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.87% 0.541
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.2 1.6 2.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 4.3 5.5 4.9
AV:A/AC:M/Au:N/C:P/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.debian.org/security/2021/dsa-4951
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Third Party Advisory
Mailing List
https://kb.cert.org/vuls/id/799380
Third Party Advisory
US Government Resource
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html
Third Party Advisory
https://www.kb.cert.org/vuls/id/799380
https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202209-16
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
Third Party Advisory