Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:M/Au:N/C:P/I:P/A:N
Vendors Products
Intel
  • Ac 9260 Firmware
  • Ac 9560 Firmware
  • Ac 9560
  • Ax201 Firmware
  • Ac 3165
  • Ac 3165 Firmware
  • Ac 7265
  • Ac 1550 Firmware
  • Ac 9461 Firmware
  • Ax200 Firmware
  • Ax210
  • Ac 1550
  • Ac 9461
  • Ac 9462 Firmware
  • Ax1650 Firmware
  • Ax210 Firmware
  • Ax1675 Firmware
  • Ac 7265 Firmware
  • Ax1675
  • Ax201
  • Ac 8260
  • Ac 9462
  • Ax200
  • Ac 8265 Firmware
  • Ac 8260 Firmware
  • Ac 3168 Firmware
  • Ac 9260
  • Ac 8265
  • Ac 3168
  • Ax1650
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Bluetooth
  • Bluetooth Core Specification
Linux
  • Linux Kernel

Configuration 1 [-]

cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:intel:ax210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax210:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:intel:ax201_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:intel:ax200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:intel:ac_9560_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:intel:ac_9462_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:intel:ac_9461_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:intel:ac_9260_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9260:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:intel:ac_8265_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_8265:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:intel:ac_8260_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_8260:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:intel:ac_3168_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_3168:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:intel:ac_7265_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_7265:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:intel:ac_3165_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_3165:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:intel:ax1675_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax1675:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:intel:ax1650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax1650:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:intel:ac_1550_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_1550:-:*:*:*:*:*:*:*
References
Link Resource
https://kb.cert.org/vuls/id/799380 Third Party Advisory US Government Resource
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/
https://security.gentoo.org/glsa/202209-16 Third Party Advisory
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ Vendor Advisory
https://www.debian.org/security/2021/dsa-4951 Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-24T17:22:16

Updated: 2022-09-29T16:07:24

Reserved: 2020-10-04T00:00:00

Link: CVE-2020-26558

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2021-05-24T18:15:07.930

Modified: 2023-11-07T03:20:37.400

Link: CVE-2020-26558

JSON object: View

cve-icon Redhat Information

No data.

CWE