CVE-2020-10135 - OpenCVE

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Bluetooth	Bluetooth Core
Opensuse	Leap

Configuration 1 [-]

OR	cpe:2.3:a:bluetooth:bluetooth_core:::::br:::*
	cpe:2.3:a:bluetooth:bluetooth_core:::::edr:::*

Configuration 2 [-]

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html	Broken Link Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html	Broken Link Mailing List Third Party Advisory
http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Jun/5	Exploit Mailing List Third Party Advisory
https://francozappa.github.io/about-bias/	Third Party Advisory
https://kb.cert.org/vuls/id/647177/	Third Party Advisory US Government Resource
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2020-04-14T00:00:00

Updated: 2020-11-02T15:52:55

Reserved: 2020-03-05T00:00:00

Link: CVE-2020-10135

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-05-19T16:15:11.073

Modified: 2021-12-21T12:42:21.433

Link: CVE-2020-10135

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "BR/EDR", "vendor": "Bluetooth", "versions": [{"lessThanOrEqual": "5.2", "status": "affected", "version": "5.2", "versionType": "custom"}]}], "datePublic": "2020-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-757", "description": "CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-02T15:52:55", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#647177", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://kb.cert.org/vuls/id/647177/"}, {"name": "20200602 BIAS (Bluetooth Impersonation Attack) CVE 2020-10135 reproduction", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Jun/5"}, {"name": "openSUSE-SU-2020:1153", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"}, {"name": "openSUSE-SU-2020:1236", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"}, {"tags": ["x_refsource_MISC"], "url": "https://francozappa.github.io/about-bias/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Bluetooth devices supporting BR/EDR v5.2 and earlier are vulnerable to impersonation attacks", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2020-04-14T00:00:00.000Z", "ID": "CVE-2020-10135", "STATE": "PUBLIC", "TITLE": "Bluetooth devices supporting BR/EDR v5.2 and earlier are vulnerable to impersonation attacks"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BR/EDR", "version": {"version_data": [{"version_affected": "<=", "version_name": "5.2", "version_value": "5.2"}]}}]}, "vendor_name": "Bluetooth"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')"}]}]}, "references": {"reference_data": [{"name": "VU#647177", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/647177/"}, {"name": "20200602 BIAS (Bluetooth Impersonation Attack) CVE 2020-10135 reproduction", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Jun/5"}, {"name": "openSUSE-SU-2020:1153", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"}, {"name": "openSUSE-SU-2020:1236", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"}, {"name": "https://francozappa.github.io/about-bias/", "refsource": "MISC", "url": "https://francozappa.github.io/about-bias/"}, {"name": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/", "refsource": "CONFIRM", "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/"}, {"name": "http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2020-10135", "datePublished": "2020-04-14T00:00:00", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2020-11-02T15:52:55", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bluetooth:bluetooth_core:*:*:*:*:br:*:*:*", "matchCriteriaId": "3CD0469C-97E9-4969-BDE7-5303560FC4BC", "versionEndIncluding": "5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluetooth:bluetooth_core:*:*:*:*:edr:*:*:*", "matchCriteriaId": "D66993FE-5201-45B7-B597-E4E751E3C607", "versionEndIncluding": "5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key."}, {"lang": "es", "value": "El emparejamiento heredado y la identificaci\u00f3n de emparejamiento de conexiones seguras en Bluetooth BR / EDR Core Specification v5.2 y anteriores pueden permitir que un usuario no identificado complete la autenticaci\u00f3n sin emparejar credenciales a trav\u00e9s de acceso adyacente. Un atacante adyacente no autenticado podr\u00eda hacerse pasar por un maestro o esclavo Bluetooth BR / EDR para emparejarse con un dispositivo remoto previamente emparejado para completar con \u00e9xito el procedimiento de autenticaci\u00f3n sin conocer la clave de enlace"}], "id": "CVE-2020-10135", "lastModified": "2021-12-21T12:42:21.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cret@cert.org", "type": "Secondary"}]}, "published": "2020-05-19T16:15:11.073", "references": [{"source": "cret@cert.org", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"}, {"source": "cret@cert.org", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html"}, {"source": "cret@cert.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Jun/5"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://francozappa.github.io/about-bias/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/647177/"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-757"}], "source": "cret@cert.org", "type": "Secondary"}]}