Severity: 6.3 MEDIUM (NVD)
EPSS: 0.1% (top 68.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 19
Latest update: May 24

Description

Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device ex

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Exploitability: 2.1 | Impact: 4.2

Affected Packages (2 packages)

CVEListV5 bluetooth/le 5.2 5.2

🔴 Vulnerability Details (3)

GHSA: GHSA-4fx5-wvjj-h2jp: Pairing in Bluetooth® Core v5 (2022-05-24)
OSV: CVE-2020-10134: Pairing in Bluetooth® Core v5 (2020-05-19)
CVEList: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks (2020-05-19)

📋 Vendor Advisories (1)

Red Hat: bluetooth: Method Confusion Pairing Vulnerability in LE Secure Connections and BR/EDR Secure Simple Pairing (2020-05-18)

💬 Community (2)

Bugzilla: CVE-2020-10134 bluez: bluetooth: Method Confusion Pairing Vulnerability in LE Secure Connections and BR/EDR Secure Simple Pairing [fedora-all] (2020-05-29)
Bugzilla: CVE-2020-10134 bluetooth: Method Confusion Pairing Vulnerability in LE Secure Connections and BR/EDR Secure Simple Pairing (2020-05-06)
CVE-2020-10134 — Insufficient Type Distinction in LE | cvebase