logo
DATABASE RESOURCES PRICING ABOUT US

Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite

Description

### Overview Devices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing are vulnerable to key overwrite, which enables an attacker to to gain additional access to profiles or services that are not restricted by reducing the encryption key strength or overwriting an authenticated key with an unauthenticated key. This vulnerability is being referred to as [BLURtooth](<https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>). ### Description As detailed in both the Bluetooth Core Specification versions [4.2](<https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=441541>) and [5.0](<https://www.bluetooth.org/docman/handlers/DownloadDoc.ashx?doc_id=421043>), Bluetooth CTKD can be used for pairing by devices that support both Low Energy (BLE) and Basic Rate/Enhanced Data Rate (BR/EDR) transport methods, which are known as "dual-mode" devices. CTKD pairing allows the devices to pair once using either transport method while generating both the BR/EDR and LE Long Term Keys (LTK) without needing to pair a second time. Dual-mode devices using CTKD to generate a LTK or Link Key (LK) are able to overwrite the original LTK or LK in cases where that transport was enforcing a higher level of security. ### Impact Several potential attacks could be performed by exploiting [CVE-2020-15802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802>), including a Man in the Middle (MITM) attack. The vulnerability is being referred to as BLURtooth and the group of attacks is being referred to as the BLUR attacks. Vulnerable devices must permit a pairing or bonding to proceed transparently with no authentication, or a weak key strength, on at least one of the BR/EDR or LE transports in order to be susceptible to attack. For example, it may be possible to pair with certain devices using [JustWorks](<https://www.bluetooth.com/blog/bluetooth-pairing-part-4/>) pairing over BR/EDR or LE and overwriting an existing LTK or LK on the other transport. When this results in the reduction of encryption key strength or the overwrite of an authenticated key with an unauthenticated key, an attacker could gain additional access to profiles or services that are not otherwise restricted. ### Solution The Bluetooth SIG has released [recommendations](<https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>) for mitigating this issue that include additional conformance tests to ensure that the overwrite of an authenticated key or a key of a given length with an unauthenticated key or a key of reduced length is not permitted in devices supporting Bluetooth Core Specification version 5.1 or greater. They also recommend that potentially vulnerable implementations introduce the restrictions on CTKD mandated in Bluetooth Core Specification versions 5.1 and later. Implementations should disallow overwrite of the LTK or LK for one transport with the LTK or LK derived from the other when this overwrite would result in either a reduction of the key strength of the original bonding or a reduction in the MITM protection of the original bonding (from authenticated to unauthenticated). This may require that the host track the negotiated length and authentication status of the keys in the Bluetooth security database. The Bluetooth SIG further recommends that devices restrict when they are pairable on either transport to times when user interaction places the device into a pairable mode or when the device has no bonds or existing connections to a paired device. In all cases, it is recommended that devices restrict the duration of pairing mode and overwrite an existing bonding only when devices are explicitly in pairing mode. ### Acknowledgements Thanks to the reporter who wishes to remain anonymous. This document was written by Madison Oliver. ### Vendor Information 589825 Filter by status: All Affected Not Affected Unknown Filter by content: __ Additional information available __ Sort by: Status Alphabetical Expand all ### Bluetooth SIG Affected Notified: 2020-06-09 Updated: 2020-09-09 **CVE-2020-15802**| Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Arista Networks Inc. __ Not Affected Notified: 2020-08-28 Updated: 2021-02-05 **Statement Date: January 22, 2021** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement Arista products do not use bluetooth and are hence not affected. ### Barracuda Networks Not Affected Notified: 2020-08-28 Updated: 2020-09-23 **Statement Date: September 16, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Belden __ Not Affected Notified: 2020-08-28 Updated: 2020-09-09 **Statement Date: August 31, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement Belden devices do not support Bluetooth and are not affected by this vulnerability. ### Brocade Communication Systems __ Not Affected Notified: 2020-08-28 Updated: 2020-09-23 **Statement Date: September 15, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability. ### Ceragon Networks Inc Not Affected Notified: 2020-08-28 Updated: 2020-09-11 **Statement Date: September 10, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### F5 Networks Inc. __ Not Affected Notified: 2020-08-28 Updated: 2020-09-09 **Statement Date: September 01, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement F5 products do not include/support Bluetooth. ### Fastly Not Affected Notified: 2020-08-28 Updated: 2020-09-23 **Statement Date: September 11, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Fujitsu Not Affected Notified: 2021-02-15 Updated: 2021-02-16 **Statement Date: February 16, 2021** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Infoblox Not Affected Notified: 2020-08-28 Updated: 2020-09-09 **Statement Date: August 28, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Intel Not Affected Notified: 2020-08-28 Updated: 2020-09-09 **Statement Date: August 31, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Juniper Networks __ Not Affected Notified: 2020-08-28 Updated: 2020-09-11 **Statement Date: September 10, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement Based on our investigation we confirm that there are no platforms/products which are affected from these vulnerabilities. ### Microchip Technology __ Not Affected Notified: 2020-08-28 Updated: 2020-09-09 **Statement Date: September 07, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement Microchip Bluetooth Dual Mode solutions do NOT implement Cross-Transport Key Derivation (CTKD), Microchip solutions are NOT affected by BLURtooth vulnerability ### Miredo Not Affected Notified: 2020-08-28 Updated: 2020-09-09 **Statement Date: August 28, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### NetBSD Not Affected Notified: 2020-08-28 Updated: 2020-09-29 **Statement Date: September 29, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Palo Alto Networks Not Affected Notified: 2020-08-28 Updated: 2020-10-14 **Statement Date: October 14, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### VMware __ Not Affected Notified: 2020-08-28 Updated: 2020-09-23 **Statement Date: September 14, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement Vmware is not affected by the above issues directly. ### VMware Carbon Black Not Affected Notified: 2020-08-28 Updated: 2020-09-09 **Statement Date: September 09, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Wind River __ Not Affected Notified: 2020-08-28 Updated: 2020-10-15 **Statement Date: October 14, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. #### References * [https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-15802](<https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-15802>) ### Zyxel __ Not Affected Notified: 2020-08-28 Updated: 2020-09-09 **Statement Date: September 09, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement Zyxel products are NOT affected either because they don’t support Cross Transport Key Derivation or do not support Bluetooth at all. ### lwIP Not Affected Notified: 2020-08-28 Updated: 2020-09-25 **Statement Date: September 25, 2020** **CVE-2020-15802**| Not Affected ---|--- #### Vendor Statement We have not received a statement from the vendor. ### ANTlabs Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Actelis Networks Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Aerohive Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### AhnLab Inc Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Akamai Technologies Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Alcatel-Lucent Enterprise Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Allied Telesis Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Aruba Networks Unknown Notified: 2020-10-02 Updated: 2020-10-14 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Atheros Communications Inc Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Avaya Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Belkin Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Bell Canada Enterprises Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### BoringSSL Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Broadcom Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### CISA Industrial Control Systems Vulnerability Management and Coordination Unknown Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### CMX Systems Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Cambium Networks Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Cirpack Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Cisco Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Commscope Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Cricket Wireless Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Cypress Semiconductor Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### D-Link Systems Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Deutsche Telekom Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Devicescape Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Digi International Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### EfficientIP Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Ericsson Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Espressif Systems Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Extreme Networks Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Force10 Networks Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Foundry Brocade Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### FreeBSD Project Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### GFI Software Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Google Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Grandstream Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### HCC Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### HP Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Hewlett Packard Enterprise Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Hitachi Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Honeywell Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Huawei Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### IBM Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### ICASI Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### INTEROP Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### IP Infusion Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### InfoExpress Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Inmarsat Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### LG Electronics Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Lantronix Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Lenovo Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### LibreSSL Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### LiteSpeed Technologies Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Lynx Software Technologies Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Marvell Semiconductor Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### MediaTek Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Medtronic Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Metaswitch Networks Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Microsoft Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Muonics Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### NETSCOUT Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### NetBurner Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Nokia Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### OleumTech Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### OpenConnect Ltd Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### OpenSSL Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Oracle Corporation Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Oryx Embedded Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Paessler Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Philips Electronics Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Proxim Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Pulse Secure Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### QLogic Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Quadros Systems Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Qualcomm Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Riverbed Technologies Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Ruijie Networks Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### SEIKO EPSON Corp. / Epson America Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### SafeNet Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Samsung Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Samsung Semiconductor Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### SmoothWall Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Sonos Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Sophos Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### TCPWave Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Tenable Network Security Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### TippingPoint Technologies Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Toshiba Commerce Solutions Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Untangle Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Vertical Networks Inc. Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### WizNET Technology Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### ZTE Corporation Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### Zebra Technologies Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### m0n0wall Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### netsnmp Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### netsnmpj Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. ### wolfSSL Unknown Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown ---|--- #### Vendor Statement We have not received a statement from the vendor. View all 118 vendors __View less vendors __ ### References * <https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/> * <https://www.bluetooth.com/specifications/bluetooth-core-specification/> * <https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/reporting-security/> ### Other Information **CVE IDs:** | [CVE-2020-15802 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-15802>) ---|--- **Date Public:** | 2020-09-09 **Date First Published:** | 2020-09-09 **Date Last Updated: ** | 2021-02-16 16:47 UTC **Document Revision: ** | 10


Related