Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.8
CVSSv2

CVE-2020-26555

Published: 24/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.8 | Impact Score: 4.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 427
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N
Subscribe to Bluetooth Core Specification

Vulnerability Summary

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B up to and including 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bluetooth bluetooth core specification

fedoraproject fedora 34

intel ax210_firmware -

intel ax201_firmware -

intel ax200_firmware -

intel ac_9560_firmware -

intel ac_9462_firmware -

intel ac_9461_firmware -

intel ac_9260_firmware -

intel ac_8265_firmware -

intel ac_8260_firmware -

intel ac_3168_firmware -

intel ac_7265_firmware -

intel ac_3165_firmware -

intel killer_wi-fi_6e_ax1675_firmware -

intel killer_wi-fi_6_ax1650_firmware -

intel killer_ac_1550_firmware -

Vendor Advisories

Ubuntu Security Notice: USN-5343-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2020-26555
A vulnerability was found in Linux Kernel, where Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key ...
Arch Linux Issues:
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 10B through 52 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/1c5953bf7b4cffc98481adf559672c1a
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/goblimey/learn-unix

The UNIX Learn CBT package Running Under Docker

The UNIX Learn CBT package Running Under Docker Learn is a Computer-Based Teaching tool that gives basic training in using UNIX and Linux It was written in the nineteen seventies at AT&T Bell Laboratories by Mike Lesk with some contributions from Brian Kernighan This version of the tool runs under Docker, which allows it to to run on a Windows system makes it easier t

References

CWE-863https://kb.cert.org/vuls/id/799380https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/https://ubuntu.com/security/notices/USN-5343-1https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook