Bluetooth Core Specification vulnerabilities

10 known vulnerabilities affecting bluetooth/bluetooth_core_specification.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2023-24023MEDIUMCVSS 6.8≥ 4.2, ≤ 5.42023-11-28
CVE-2023-24023 [MEDIUM] CVE-2023-24023: Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
nvd
CVE-2022-24695MEDIUMCVSS 4.3≤ 5.32023-06-02
CVE-2022-24695 [MEDIUM] CWE-203 CVE-2022-24695: Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device infor Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may
nvd
CVE-2022-25837HIGHCVSS 7.5≥ 1.1b, ≤ 5.32022-12-12
CVE-2022-25837 [HIGH] CWE-294 CVE-2022-25837: Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connec
nvd
CVE-2022-25836HIGHCVSS 7.5≥ 4.0, ≤ 5.32022-12-12
CVE-2022-25836 [HIGH] CWE-294 CVE-2022-25836: Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauth Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey
nvd
CVE-2020-35473MEDIUMCVSS 4.3≥ 4.0, ≤ 5.22022-11-08
CVE-2020-35473 [MEDIUM] CWE-203 CVE-2020-35473: An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Blue An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan reques
nvd
CVE-2021-31615MEDIUMCVSS 5.3≥ 4.0, ≤ 5.22021-06-25
CVE-2021-31615 [MEDIUM] CWE-362 CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against dev
nvd
CVE-2020-26556HIGHCVSS 7.5≥ 1.0b, ≤ 5.22021-05-24
CVE-2020-26556 [HIGH] CWE-307 CVE-2020-26556: Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to co Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.
nvd
CVE-2020-26555MEDIUMCVSS 5.4≥ 1.1b, ≤ 5.22021-05-24
CVE-2020-26555 [MEDIUM] CWE-863 CVE-2020-26555: Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
nvd
CVE-2020-26558MEDIUMCVSS 4.2≥ 2.1, ≤ 5.22021-05-24
CVE-2020-26558 [MEDIUM] CWE-287 CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to co
nvd
CVE-2020-15802MEDIUMCVSS 5.9fixed in 5.12020-09-11
CVE-2020-15802 [MEDIUM] CWE-287 CVE-2020-15802: Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Tr Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE,
nvd