Jan 2021: Windows Bluetooth Security Feature Bypass Vulnerability
CVE-2021-1638 Published on January 12, 2021

Windows Bluetooth Security Feature Bypass Vulnerability
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see thisstatementfrom the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key

Vendor Advisory NVD


Products Associated with CVE-2021-1638

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-1638 are published in these products:

Microsoft Windows 10
 
Microsoft Windows Server 2016
 
Microsoft Windows Server 2019
 
Microsoft Windows Server 20h2
 
Microsoft Windows 10 1803
 
Microsoft Windows 10 1909
 
Microsoft Windows Server 1909
 
Microsoft Windows Server 2004
 

Affected Versions

Microsoft Windows 10 Version 20H2: Microsoft Windows Server version 20H2: Microsoft Windows 10 Version 1803: Microsoft Windows 10 Version 1809: Microsoft Windows Server 2019: Microsoft Windows Server 2019 (Server Core installation): Microsoft Windows 10 Version 1909: Microsoft Windows Server, version 1909 (Server Core installation): Microsoft Windows 10 Version 2004: Microsoft Windows Server version 2004:

Exploit Probability

EPSS
0.61%
Percentile
69.41%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.