Bluetooth Core Specification Bluetooth Core Specification

Do you want an email whenever new security vulnerabilities are reported in Bluetooth Core Specification?

By the Year

In 2021 there have been 2 vulnerabilities in Bluetooth Core Specification with an average score of 4.8 out of ten. Bluetooth Core Specification did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2021 as compared to last year.

Year Vulnerabilities Average Score
2021 2 4.80
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Bluetooth Core Specification vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Bluetooth Core Specification Security Vulnerabilities

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device

CVE-2020-26558 4.2 - Medium - May 24, 2021

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

authentification

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

CVE-2020-26555 5.4 - Medium - May 24, 2021

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

AuthZ

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by Bluetooth? Click the Watch button to subscribe.

Bluetooth
Vendor

subscribe