// For flags

CVE-2020-26558

bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack

Severity Score

4.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

El emparejamiento seguro de Bluetooth LE y BR/EDR en Bluetooth Core Specification versiones 2.1 hasta 5.2, puede permitir a un atacante de tipo man-in-the-middle cercano identificar el Passkey usada durante el emparejamiento (en el procedimiento de autenticación de Passkey) mediante el reflejo de la clave pública y la evidencia de autenticació del dispositivo de inicio, potencialmente permitiendo a este atacante completar el emparejamiento autenticado con el dispositivo que responde usando la contraseña correcta para la sesión de emparejamiento. La metodología de ataque determina el valor de la Clave un bit a la vez

A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Adjacent
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-10-04 CVE Reserved
  • 2021-05-24 CVE Published
  • 2024-07-25 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Intel
Search vendor "Intel"
Ax210 Firmware
Search vendor "Intel" for product "Ax210 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ax210
Search vendor "Intel" for product "Ax210"
--
Safe
Intel
Search vendor "Intel"
Ax201 Firmware
Search vendor "Intel" for product "Ax201 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ax201
Search vendor "Intel" for product "Ax201"
--
Safe
Intel
Search vendor "Intel"
Ax200 Firmware
Search vendor "Intel" for product "Ax200 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ax200
Search vendor "Intel" for product "Ax200"
--
Safe
Intel
Search vendor "Intel"
Ac 9560 Firmware
Search vendor "Intel" for product "Ac 9560 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ac 9560
Search vendor "Intel" for product "Ac 9560"
--
Safe
Intel
Search vendor "Intel"
Ac 9462 Firmware
Search vendor "Intel" for product "Ac 9462 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ac 9462
Search vendor "Intel" for product "Ac 9462"
--
Safe
Intel
Search vendor "Intel"
Ac 9461 Firmware
Search vendor "Intel" for product "Ac 9461 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ac 9461
Search vendor "Intel" for product "Ac 9461"
--
Safe
Intel
Search vendor "Intel"
Ac 9260 Firmware
Search vendor "Intel" for product "Ac 9260 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ac 9260
Search vendor "Intel" for product "Ac 9260"
--
Safe
Intel
Search vendor "Intel"
Ac 8265 Firmware
Search vendor "Intel" for product "Ac 8265 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ac 8265
Search vendor "Intel" for product "Ac 8265"
--
Safe
Intel
Search vendor "Intel"
Ac 8260 Firmware
Search vendor "Intel" for product "Ac 8260 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ac 8260
Search vendor "Intel" for product "Ac 8260"
--
Safe
Intel
Search vendor "Intel"
Ac 3168 Firmware
Search vendor "Intel" for product "Ac 3168 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ac 3168
Search vendor "Intel" for product "Ac 3168"
--
Safe
Intel
Search vendor "Intel"
Ac 7265 Firmware
Search vendor "Intel" for product "Ac 7265 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ac 7265
Search vendor "Intel" for product "Ac 7265"
--
Safe
Intel
Search vendor "Intel"
Ac 3165 Firmware
Search vendor "Intel" for product "Ac 3165 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ac 3165
Search vendor "Intel" for product "Ac 3165"
--
Safe
Intel
Search vendor "Intel"
Ax1675 Firmware
Search vendor "Intel" for product "Ax1675 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ax1675
Search vendor "Intel" for product "Ax1675"
--
Safe
Intel
Search vendor "Intel"
Ax1650 Firmware
Search vendor "Intel" for product "Ax1650 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ax1650
Search vendor "Intel" for product "Ax1650"
--
Safe
Intel
Search vendor "Intel"
Ac 1550 Firmware
Search vendor "Intel" for product "Ac 1550 Firmware"
--
Affected
in Intel
Search vendor "Intel"
Ac 1550
Search vendor "Intel" for product "Ac 1550"
--
Safe
Bluetooth
Search vendor "Bluetooth"
Bluetooth Core Specification
Search vendor "Bluetooth" for product "Bluetooth Core Specification"
>= 2.1 <= 5.2
Search vendor "Bluetooth" for product "Bluetooth Core Specification" and version " >= 2.1 <= 5.2"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 5.13
Search vendor "Linux" for product "Linux Kernel" and version " < 5.13"
-
Affected