CVE-2020-10135
Bluetooth devices supporting BR/EDR v5.2 and earlier are vulnerable to impersonation attacks
Public Exploits: 2
Exploited in Wild: -
Descriptions
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.
A flaw was discovered in the Bluetooth protocol affecting the Bluetooth BR/EDR authentication. An attacker with physical access to the Bluetooth connection could perform a spoofing attack impersonating the address of a previously paired remote device. This attack may result in the attacking device completing the authentication procedure successfully despite not possessing the link key. This flaw, in turn, could permit an attacker to initiate the Bluetooth Key Negotiation (KNOB) attack more efficiently, potentially gaining full access as the remote paired device.
Timeline
- 2020-03-05 CVE Reserved
- 2020-05-19 CVE Published
- 2020-06-01 First Exploit
- 2024-03-21 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-290: Authentication Bypass by Spoofing
- CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
References (10)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html | Third Party Advisory | |
https://francozappa.github.io/about-bias | Third Party Advisory | |
https://kb.cert.org/vuls/id/647177 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/m4rm0k/CVE-2020-10135-BIAS | 2020-06-01 | |
http://seclists.org/fulldisclosure/2020/Jun/5 | 2024-09-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Bluetooth | Bluetooth Core | <= 5.2 | br | Affected |
Bluetooth | Bluetooth Core | <= 5.2 | edr | Affected |
Opensuse | Leap | 15.1 | - | Affected |