CVE-2020-10135

Published: 19/05/2020 Updated: 21/12/2021
CVSS v2 Base Score: 4.8 | Impact Score: 4.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 428
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and previous versions may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

Vulnerable Product

bluetooth bluetooth core

opensuse leap 15.1

Github Repositories

Repository for various Broadcom Bluetooth firmware

Broadcom Bluetooth firmware for Linux kernel. Overview: This package is intended to provide firmware of Broadcom WIDCOMM® Bluetooth devices (including BCM20702, BCM20703, BCM43142 chipsets and others) for the Linux kernel. Since February 2017, Broadcom ships their drivers directly to the Windows Update service. They can be downloaded here. Security considerations: Recently several vul

CVE 2020-10135 a.k.a BIAS (Bluetooth Impersonation Attack)

CVE-2020-10135-BIAS: CVE 2020-10135 aka BIAS (Bluetooth Impersonation Attack). Seems like after a while and jumping through some hoops I was able to perform BIAS (Bluetooth Impersonation Attack), CVE 2020-10135. Impersonated a Samsung S3 Neo+ connection to a Linux host. Cool stuff. THANK YOU for the Internalblue and BIAS PoCs. From my perspective, I found out that pretty much all you need to

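Computer Attack and Defense Practice, Project 2: CVE Analysis. CVE Analysis 1: CVE-2006-3146. DoS attack (Denial of Service attack): uses certain attack methods to exhaust the target device's resources or bandwidth so that other users cannot use the services the target device provides; when carried out by two or more attacking computers, it is called a DDoS attack (distributed denial-of-service attack). Equipment used: infrared, Bluetooth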