Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2020-15802

Published: 11/09/2020 Updated: 16/11/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Bluetooth Core Specification

Vulnerability Summary

Devices supporting Bluetooth prior to 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bluetooth bluetooth core specification

Github Repositories

https://github.com/Essen-Lin/Practice-of-the-Attack-and-Defense-of-Computers_Project2

電腦攻防實務 Project 2 CVE分析 CVE分析1:CVE-2006-3146 DoS attack(Denial of Service attack):利用一些攻擊放是來耗盡目標設備的資源或頻寬,以此讓其他使用者無法使用到目標設備提供的服務,若是兩台以上的攻擊電腦執行則稱為DDoS Attack(distributed denial-of-service attack)。 使用設備: 紅外線藍牙

https://github.com/francozappa/blur

BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy [CVE-2020-15802] [CVE-2022-20361]

README Repository about the BLUR attacks presented at AsiaCCS'22 in the paper titled: BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy Useful links: pdf, video, slides, website BibTex entry: @inproceedings{antonioli22blur, author={Antonioli, Daniele and Tippenhauer, Nils Ole and Rasmussen, Kasper and Payer, Mathi

https://github.com/goblimey/learn-unix

The UNIX Learn CBT package Running Under Docker

The UNIX Learn CBT package Running Under Docker Learn is a Computer-Based Teaching tool that gives basic training in using UNIX and Linux It was written in the nineteen seventies at AT&T Bell Laboratories by Mike Lesk with some contributions from Brian Kernighan This version of the tool runs under Docker, which allows it to to run on a Windows system makes it easier t

Recent Articles

Billions of Bluetooth gadgets bothered by ‘BLURtooth’ miscreant-in-the-middle bug
The Register • Simon Sharwood, APAC Editor • 11 Sep 2020

BORKlife! Flaw allows overwriting of keys by the habitual voyeur

The Bluetooth Special Interest Group has admitted some previous iterations of its technology had a flaw that could be exploited to hijack or eavesdrop on nearby connections. Named BLURtooth, aka CVE-2020-15802, the flaw was present in the Bluetooth BR/EDR (Bluetooth Basic Rate/Enhanced Data Rate) from specification version 4.2 to 5.0. The latest version of the Bluetooth spec is 5.2. Version 4.2 debuted in December 2014 and version 5.0 came along two years later. In 2015 alone the world was crank...

Read more...

References

CWE-287https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709https://www.kb.cert.org/vuls/id/589825https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/https://nvd.nist.govhttps://github.com/Essen-Lin/Practice-of-the-Attack-and-Defense-of-Computers_Project2https://github.com/francozappa/blurhttps://www.theregister.co.uk/2020/09/11/blurtooth_vulnerability/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook