CVE-2020-26558

bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack

Severity Score

4.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

El emparejamiento seguro de Bluetooth LE y BR/EDR en Bluetooth Core Specification versiones 2.1 hasta 5.2, puede permitir a un atacante de tipo man-in-the-middle cercano identificar el Passkey usada durante el emparejamiento (en el procedimiento de autenticación de Passkey) mediante el reflejo de la clave pública y la evidencia de autenticació del dispositivo de inicio, potencialmente permitiendo a este atacante completar el emparejamiento autenticado con el dispositivo que responde usando la contraseña correcta para la sesión de emparejamiento. La metodología de ataque determina el valor de la Clave un bit a la vez

A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-10-04 CVE Reserved
2021-05-24 CVE Published
2024-07-25 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (12)

URL	Tag	Source
https://kb.cert.org/vuls/id/799380	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html	Mailing List
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	Mailing List
https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html	Mailing List
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ	2023-11-07
https://security.gentoo.org/glsa/202209-16	2023-11-07
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security	2023-11-07
https://www.debian.org/security/2021/dsa-4951	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-26558	2021-11-09
https://bugzilla.redhat.com/show_bug.cgi?id=1918602	2021-11-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Intel Search vendor "Intel"	Ax210 Firmware Search vendor "Intel" for product "Ax210 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ax210 Search vendor "Intel" for product "Ax210"	-	-	Safe
Intel Search vendor "Intel"	Ax201 Firmware Search vendor "Intel" for product "Ax201 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ax201 Search vendor "Intel" for product "Ax201"	-	-	Safe
Intel Search vendor "Intel"	Ax200 Firmware Search vendor "Intel" for product "Ax200 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ax200 Search vendor "Intel" for product "Ax200"	-	-	Safe
Intel Search vendor "Intel"	Ac 9560 Firmware Search vendor "Intel" for product "Ac 9560 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 9560 Search vendor "Intel" for product "Ac 9560"	-	-	Safe
Intel Search vendor "Intel"	Ac 9462 Firmware Search vendor "Intel" for product "Ac 9462 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 9462 Search vendor "Intel" for product "Ac 9462"	-	-	Safe
Intel Search vendor "Intel"	Ac 9461 Firmware Search vendor "Intel" for product "Ac 9461 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 9461 Search vendor "Intel" for product "Ac 9461"	-	-	Safe
Intel Search vendor "Intel"	Ac 9260 Firmware Search vendor "Intel" for product "Ac 9260 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 9260 Search vendor "Intel" for product "Ac 9260"	-	-	Safe
Intel Search vendor "Intel"	Ac 8265 Firmware Search vendor "Intel" for product "Ac 8265 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 8265 Search vendor "Intel" for product "Ac 8265"	-	-	Safe
Intel Search vendor "Intel"	Ac 8260 Firmware Search vendor "Intel" for product "Ac 8260 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 8260 Search vendor "Intel" for product "Ac 8260"	-	-	Safe
Intel Search vendor "Intel"	Ac 3168 Firmware Search vendor "Intel" for product "Ac 3168 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 3168 Search vendor "Intel" for product "Ac 3168"	-	-	Safe
Intel Search vendor "Intel"	Ac 7265 Firmware Search vendor "Intel" for product "Ac 7265 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 7265 Search vendor "Intel" for product "Ac 7265"	-	-	Safe
Intel Search vendor "Intel"	Ac 3165 Firmware Search vendor "Intel" for product "Ac 3165 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 3165 Search vendor "Intel" for product "Ac 3165"	-	-	Safe
Intel Search vendor "Intel"	Ax1675 Firmware Search vendor "Intel" for product "Ax1675 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ax1675 Search vendor "Intel" for product "Ax1675"	-	-	Safe
Intel Search vendor "Intel"	Ax1650 Firmware Search vendor "Intel" for product "Ax1650 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ax1650 Search vendor "Intel" for product "Ax1650"	-	-	Safe
Intel Search vendor "Intel"	Ac 1550 Firmware Search vendor "Intel" for product "Ac 1550 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 1550 Search vendor "Intel" for product "Ac 1550"	-	-	Safe
Bluetooth Search vendor "Bluetooth"		Bluetooth Core Specification Search vendor "Bluetooth" for product "Bluetooth Core Specification"				>= 2.1 <= 5.2 Search vendor "Bluetooth" for product "Bluetooth Core Specification" and version " >= 2.1 <= 5.2"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.13 Search vendor "Linux" for product "Linux Kernel" and version " < 5.13"		-		Affected