CVE-2020-26555

kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

Un emparejamiento de código PIN BR/EDR heredado de Bluetooth en Bluetooth Core Specification versiones 1.0B hasta 5.2, puede permitir a un dispositivo cercano no autenticado falsificar el BD_ADDR del dispositivo peer para completar el emparejamiento sin conocer el PIN

A vulnerability was found in Linux Kernel, where Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-10-04 CVE Reserved
2021-05-24 CVE Published
2024-02-07 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption
CWE-863: Incorrect Authorization

CAPEC

References (6)

URL	Tag	Source
https://kb.cert.org/vuls/id/799380	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ	2023-11-07
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-26555	2024-07-08
https://bugzilla.redhat.com/show_bug.cgi?id=1918601	2024-07-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Intel Search vendor "Intel"	Ax210 Firmware Search vendor "Intel" for product "Ax210 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ax210 Search vendor "Intel" for product "Ax210"	-	-	Safe
Intel Search vendor "Intel"	Ax201 Firmware Search vendor "Intel" for product "Ax201 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ax201 Search vendor "Intel" for product "Ax201"	-	-	Safe
Intel Search vendor "Intel"	Ax200 Firmware Search vendor "Intel" for product "Ax200 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ax200 Search vendor "Intel" for product "Ax200"	-	-	Safe
Intel Search vendor "Intel"	Ac 9560 Firmware Search vendor "Intel" for product "Ac 9560 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 9560 Search vendor "Intel" for product "Ac 9560"	-	-	Safe
Intel Search vendor "Intel"	Ac 9462 Firmware Search vendor "Intel" for product "Ac 9462 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 9462 Search vendor "Intel" for product "Ac 9462"	-	-	Safe
Intel Search vendor "Intel"	Ac 9461 Firmware Search vendor "Intel" for product "Ac 9461 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 9461 Search vendor "Intel" for product "Ac 9461"	-	-	Safe
Intel Search vendor "Intel"	Ac 9260 Firmware Search vendor "Intel" for product "Ac 9260 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 9260 Search vendor "Intel" for product "Ac 9260"	-	-	Safe
Intel Search vendor "Intel"	Ac 8265 Firmware Search vendor "Intel" for product "Ac 8265 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 8265 Search vendor "Intel" for product "Ac 8265"	-	-	Safe
Intel Search vendor "Intel"	Ac 8260 Firmware Search vendor "Intel" for product "Ac 8260 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 8260 Search vendor "Intel" for product "Ac 8260"	-	-	Safe
Intel Search vendor "Intel"	Ac 3168 Firmware Search vendor "Intel" for product "Ac 3168 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 3168 Search vendor "Intel" for product "Ac 3168"	-	-	Safe
Intel Search vendor "Intel"	Ac 7265 Firmware Search vendor "Intel" for product "Ac 7265 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 7265 Search vendor "Intel" for product "Ac 7265"	-	-	Safe
Intel Search vendor "Intel"	Ac 3165 Firmware Search vendor "Intel" for product "Ac 3165 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 3165 Search vendor "Intel" for product "Ac 3165"	-	-	Safe
Intel Search vendor "Intel"	Killer Wi-fi 6e Ax1675 Firmware Search vendor "Intel" for product "Killer Wi-fi 6e Ax1675 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Killer Wi-fi 6e Ax1675 Search vendor "Intel" for product "Killer Wi-fi 6e Ax1675"	-	-	Safe
Intel Search vendor "Intel"	Killer Wi-fi 6 Ax1650 Firmware Search vendor "Intel" for product "Killer Wi-fi 6 Ax1650 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Killer Wi-fi 6 Ax1650 Search vendor "Intel" for product "Killer Wi-fi 6 Ax1650"	-	-	Safe
Intel Search vendor "Intel"	Killer Ac 1550 Firmware Search vendor "Intel" for product "Killer Ac 1550 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Killer Ac 1550 Search vendor "Intel" for product "Killer Ac 1550"	-	-	Safe
Bluetooth Search vendor "Bluetooth"		Bluetooth Core Specification Search vendor "Bluetooth" for product "Bluetooth Core Specification"				>= 1.1b <= 5.2 Search vendor "Bluetooth" for product "Bluetooth Core Specification" and version " >= 1.1b <= 5.2"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected