CVE-2020-13702 - OpenCVE

The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
The Rolling Proximity Identifier Project	The Rolling Proximity Identifier

Configuration 1 [-]

cpe:2.3:a:the_rolling_proximity_identifier_project:the_rolling_proximity_identifier:*:*:*:*:*:*:*:*

References

Link	Resource
https://blog.google/documents/70/Exposure_Notification_-_Bluetooth_Specification_v1.2.2.pdf	Third Party Advisory
https://github.com/google/exposure-notifications-internals/commit/8f751a666697	Patch Third Party Advisory
https://github.com/google/exposure-notifications-internals/commit/8f751a666697c3cae0a56ae3464c2c6cbe31b69e	Patch Third Party Advisory
https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200611.pdf	Exploit Technical Description Third Party Advisory
https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf	Exploit Technical Description Third Party Advisory
https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf	Exploit Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-11T18:16:01

Updated: 2021-03-01T17:12:04

Reserved: 2020-05-30T00:00:00

Link: CVE-2020-13702

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-11T19:15:10.073

Modified: 2021-03-12T12:58:55.347

Link: CVE-2020-13702

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:N/S:U/UI:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-01T17:12:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200611.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.google/documents/70/Exposure_Notification_-_Bluetooth_Specification_v1.2.2.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/google/exposure-notifications-internals/commit/8f751a666697c3cae0a56ae3464c2c6cbe31b69e"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/google/exposure-notifications-internals/commit/8f751a666697"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13702", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:N/S:U/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200611.pdf", "refsource": "MISC", "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200611.pdf"}, {"name": "https://blog.google/documents/70/Exposure_Notification_-_Bluetooth_Specification_v1.2.2.pdf", "refsource": "MISC", "url": "https://blog.google/documents/70/Exposure_Notification_-_Bluetooth_Specification_v1.2.2.pdf"}, {"name": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf", "refsource": "MISC", "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf"}, {"name": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf", "refsource": "MISC", "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf"}, {"name": "https://github.com/google/exposure-notifications-internals/commit/8f751a666697c3cae0a56ae3464c2c6cbe31b69e", "refsource": "MISC", "url": "https://github.com/google/exposure-notifications-internals/commit/8f751a666697c3cae0a56ae3464c2c6cbe31b69e"}, {"name": "https://github.com/google/exposure-notifications-internals/commit/8f751a666697", "refsource": "MISC", "url": "https://github.com/google/exposure-notifications-internals/commit/8f751a666697"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13702", "datePublished": "2020-06-11T18:16:01", "dateReserved": "2020-05-30T00:00:00", "dateUpdated": "2021-03-01T17:12:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:the_rolling_proximity_identifier_project:the_rolling_proximity_identifier:*:*:*:*:*:*:*:*", "matchCriteriaId": "476BD5D6-9B40-40C9-B914-A2DB84E073CE", "versionEndIncluding": "2020-05-29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism."}, {"lang": "es", "value": "El Rolling Proximity Identifier usado en la API Exposure Notification de Apple/Google versi\u00f3n beta hasta 29-05-2020, permite a atacantes omitir Bluetooth Smart Privacy porque existe un UID temporal secundario. Un atacante con acceso a redes Beacon o IoT puede rastrear sin problemas el movimiento de dispositivos individuales por medio de un mecanismo de detecci\u00f3n Bluetooth LE"}], "id": "CVE-2020-13702", "lastModified": "2021-03-12T12:58:55.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2020-06-11T19:15:10.073", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blog.google/documents/70/Exposure_Notification_-_Bluetooth_Specification_v1.2.2.pdf"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/google/exposure-notifications-internals/commit/8f751a666697"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/google/exposure-notifications-internals/commit/8f751a666697c3cae0a56ae3464c2c6cbe31b69e"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200611.pdf"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}