4.3
CVE-2020-26558
- EPSS 0.02%
- Published 24.05.2021 18:15:07
- Last modified 21.11.2024 05:20:04
- Source cve@mitre.org
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
Data is provided by the National Vulnerability Database (NVD)
Bluetooth ≫ Bluetooth Core Specification Version >= 2.1 <= 5.2
Fedoraproject ≫ Fedora Version 34
Debian ≫ Debian Linux Version 9.0
Linux ≫ Linux Kernel Version < 5.13
Intel ≫ Ax210 Firmware Version -
Intel ≫ Ax201 Firmware Version -
Intel ≫ Ax200 Firmware Version -
Intel ≫ Ac 9560 Firmware Version -
Intel ≫ Ac 9462 Firmware Version -
Intel ≫ Ac 9461 Firmware Version -
Intel ≫ Ac 9260 Firmware Version -
Intel ≫ Ac 8265 Firmware Version -
Intel ≫ Ac 8260 Firmware Version -
Intel ≫ Ac 3168 Firmware Version -
Intel ≫ Ac 7265 Firmware Version -
Intel ≫ Ac 3165 Firmware Version -
Intel ≫ Ax1675 Firmware Version -
Intel ≫ Ax1650 Firmware Version -
Intel ≫ Ac 1550 Firmware Version -
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.02% | 0.045 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.2 | 1.6 | 2.5 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
nvd@nist.gov | 4.3 | 5.5 | 4.9 | AV:A/AC:M/Au:N/C:P/I:P/A:N |
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.