### Overview
Devices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing are vulnerable to key overwrite, which enables an attacker to to gain additional access to profiles or services that are not restricted by reducing the encryption key strength or overwriting an authenticated key with an unauthenticated key. This vulnerability is being referred to as [BLURtooth](<https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>).
### Description
As detailed in both the Bluetooth Core Specification versions [4.2](<https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=441541>) and [5.0](<https://www.bluetooth.org/docman/handlers/DownloadDoc.ashx?doc_id=421043>), Bluetooth CTKD can be used for pairing by devices that support both Low Energy (BLE) and Basic Rate/Enhanced Data Rate (BR/EDR) transport methods, which are known as "dual-mode" devices. CTKD pairing allows the devices to pair once using either transport method while generating both the BR/EDR and LE Long Term Keys (LTK) without needing to pair a second time. Dual-mode devices using CTKD to generate a LTK or Link Key (LK) are able to overwrite the original LTK or LK in cases where that transport was enforcing a higher level of security.
### Impact
Several potential attacks could be performed by exploiting [CVE-2020-15802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802>), including a Man in the Middle (MITM) attack. The vulnerability is being referred to as BLURtooth and the group of attacks is being referred to as the BLUR attacks. Vulnerable devices must permit a pairing or bonding to proceed transparently with no authentication, or a weak key strength, on at least one of the BR/EDR or LE transports in order to be susceptible to attack. For example, it may be possible to pair with certain devices using [JustWorks](<https://www.bluetooth.com/blog/bluetooth-pairing-part-4/>) pairing over BR/EDR or LE and overwriting an existing LTK or LK on the other transport. When this results in the reduction of encryption key strength or the overwrite of an authenticated key with an unauthenticated key, an attacker could gain additional access to profiles or services that are not otherwise restricted.
### Solution
The Bluetooth SIG has released [recommendations](<https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>) for mitigating this issue that include additional conformance tests to ensure that the overwrite of an authenticated key or a key of a given length with an unauthenticated key or a key of reduced length is not permitted in devices supporting Bluetooth Core Specification version 5.1 or greater. They also recommend that potentially vulnerable implementations introduce the restrictions on CTKD mandated in Bluetooth Core Specification versions 5.1 and later. Implementations should disallow overwrite of the LTK or LK for one transport with the LTK or LK derived from the other when this overwrite would result in either a reduction of the key strength of the original bonding or a reduction in the MITM protection of the original bonding (from authenticated to unauthenticated). This may require that the host track the negotiated length and authentication status of the keys in the Bluetooth security database.
The Bluetooth SIG further recommends that devices restrict when they are pairable on either transport to times when user interaction places the device into a pairable mode or when the device has no bonds or existing connections to a paired device. In all cases, it is recommended that devices restrict the duration of pairing mode and overwrite an existing bonding only when devices are explicitly in pairing mode.
### Acknowledgements
Thanks to the reporter who wishes to remain anonymous.
This document was written by Madison Oliver.
### Vendor Information
589825
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
### Bluetooth SIG Affected
Notified: 2020-06-09 Updated: 2020-09-09 **CVE-2020-15802**| Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Arista Networks Inc. __ Not Affected
Notified: 2020-08-28 Updated: 2021-02-05
**Statement Date: January 22, 2021**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
Arista products do not use bluetooth and are hence not affected.
### Barracuda Networks Not Affected
Notified: 2020-08-28 Updated: 2020-09-23
**Statement Date: September 16, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Belden __ Not Affected
Notified: 2020-08-28 Updated: 2020-09-09
**Statement Date: August 31, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
Belden devices do not support Bluetooth and are not affected by this vulnerability.
### Brocade Communication Systems __ Not Affected
Notified: 2020-08-28 Updated: 2020-09-23
**Statement Date: September 15, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
### Ceragon Networks Inc Not Affected
Notified: 2020-08-28 Updated: 2020-09-11
**Statement Date: September 10, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### F5 Networks Inc. __ Not Affected
Notified: 2020-08-28 Updated: 2020-09-09
**Statement Date: September 01, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
F5 products do not include/support Bluetooth.
### Fastly Not Affected
Notified: 2020-08-28 Updated: 2020-09-23
**Statement Date: September 11, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Fujitsu Not Affected
Notified: 2021-02-15 Updated: 2021-02-16
**Statement Date: February 16, 2021**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Infoblox Not Affected
Notified: 2020-08-28 Updated: 2020-09-09
**Statement Date: August 28, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Intel Not Affected
Notified: 2020-08-28 Updated: 2020-09-09
**Statement Date: August 31, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Juniper Networks __ Not Affected
Notified: 2020-08-28 Updated: 2020-09-11
**Statement Date: September 10, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
Based on our investigation we confirm that there are no platforms/products which are affected from these vulnerabilities.
### Microchip Technology __ Not Affected
Notified: 2020-08-28 Updated: 2020-09-09
**Statement Date: September 07, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
Microchip Bluetooth Dual Mode solutions do NOT implement Cross-Transport Key Derivation (CTKD), Microchip solutions are NOT affected by BLURtooth vulnerability
### Miredo Not Affected
Notified: 2020-08-28 Updated: 2020-09-09
**Statement Date: August 28, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### NetBSD Not Affected
Notified: 2020-08-28 Updated: 2020-09-29
**Statement Date: September 29, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Palo Alto Networks Not Affected
Notified: 2020-08-28 Updated: 2020-10-14
**Statement Date: October 14, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### VMware __ Not Affected
Notified: 2020-08-28 Updated: 2020-09-23
**Statement Date: September 14, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
Vmware is not affected by the above issues directly.
### VMware Carbon Black Not Affected
Notified: 2020-08-28 Updated: 2020-09-09
**Statement Date: September 09, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Wind River __ Not Affected
Notified: 2020-08-28 Updated: 2020-10-15
**Statement Date: October 14, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
#### References
* [https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-15802](<https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-15802>)
### Zyxel __ Not Affected
Notified: 2020-08-28 Updated: 2020-09-09
**Statement Date: September 09, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
Zyxel products are NOT affected either because they don’t support Cross Transport Key Derivation or do not support Bluetooth at all.
### lwIP Not Affected
Notified: 2020-08-28 Updated: 2020-09-25
**Statement Date: September 25, 2020**
**CVE-2020-15802**| Not Affected
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### ANTlabs Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Actelis Networks Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Aerohive Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### AhnLab Inc Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Akamai Technologies Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Alcatel-Lucent Enterprise Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Allied Telesis Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Aruba Networks Unknown
Notified: 2020-10-02 Updated: 2020-10-14 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Atheros Communications Inc Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Avaya Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Belkin Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Bell Canada Enterprises Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### BoringSSL Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Broadcom Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### CISA Industrial Control Systems Vulnerability Management and Coordination Unknown
Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### CMX Systems Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Cambium Networks Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Cirpack Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Cisco Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Commscope Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Cricket Wireless Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Cypress Semiconductor Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### D-Link Systems Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Deutsche Telekom Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Devicescape Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Digi International Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### EfficientIP Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Ericsson Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Espressif Systems Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Extreme Networks Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Force10 Networks Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Foundry Brocade Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### FreeBSD Project Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### GFI Software Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Google Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Grandstream Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### HCC Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### HP Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Hewlett Packard Enterprise Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Hitachi Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Honeywell Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Huawei Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### IBM Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### ICASI Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### INTEROP Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### IP Infusion Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### InfoExpress Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Inmarsat Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### LG Electronics Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Lantronix Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Lenovo Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### LibreSSL Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### LiteSpeed Technologies Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Lynx Software Technologies Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Marvell Semiconductor Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### MediaTek Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Medtronic Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Metaswitch Networks Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Microsoft Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Muonics Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### NETSCOUT Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### NetBurner Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Nokia Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### OleumTech Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### OpenConnect Ltd Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### OpenSSL Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Oracle Corporation Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Oryx Embedded Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Paessler Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Philips Electronics Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Proxim Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Pulse Secure Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### QLogic Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Quadros Systems Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Qualcomm Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Riverbed Technologies Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Ruijie Networks Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### SEIKO EPSON Corp. / Epson America Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### SafeNet Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Samsung Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Samsung Semiconductor Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### SmoothWall Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Sonos Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Sophos Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### TCPWave Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Tenable Network Security Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### TippingPoint Technologies Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Toshiba Commerce Solutions Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Untangle Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Vertical Networks Inc. Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### WizNET Technology Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### ZTE Corporation Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### Zebra Technologies Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### m0n0wall Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### netsnmp Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### netsnmpj Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
### wolfSSL Unknown
Notified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown
---|---
#### Vendor Statement
We have not received a statement from the vendor.
View all 118 vendors __View less vendors __
### References
* <https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>
* <https://www.bluetooth.com/specifications/bluetooth-core-specification/>
* <https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/reporting-security/>
### Other Information
**CVE IDs:** | [CVE-2020-15802 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-15802>)
---|---
**Date Public:** | 2020-09-09
**Date First Published:** | 2020-09-09
**Date Last Updated: ** | 2021-02-16 16:47 UTC
**Document Revision: ** | 10
{"id": "VU:589825", "type": "cert", "bulletinFamily": "info", "title": "Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite", "description": "### Overview\n\nDevices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing are vulnerable to key overwrite, which enables an attacker to to gain additional access to profiles or services that are not restricted by reducing the encryption key strength or overwriting an authenticated key with an unauthenticated key. This vulnerability is being referred to as [BLURtooth](<https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>).\n\n### Description\n\nAs detailed in both the Bluetooth Core Specification versions [4.2](<https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=441541>) and [5.0](<https://www.bluetooth.org/docman/handlers/DownloadDoc.ashx?doc_id=421043>), Bluetooth CTKD can be used for pairing by devices that support both Low Energy (BLE) and Basic Rate/Enhanced Data Rate (BR/EDR) transport methods, which are known as \"dual-mode\" devices. CTKD pairing allows the devices to pair once using either transport method while generating both the BR/EDR and LE Long Term Keys (LTK) without needing to pair a second time. Dual-mode devices using CTKD to generate a LTK or Link Key (LK) are able to overwrite the original LTK or LK in cases where that transport was enforcing a higher level of security.\n\n### Impact\n\nSeveral potential attacks could be performed by exploiting [CVE-2020-15802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802>), including a Man in the Middle (MITM) attack. The vulnerability is being referred to as BLURtooth and the group of attacks is being referred to as the BLUR attacks. Vulnerable devices must permit a pairing or bonding to proceed transparently with no authentication, or a weak key strength, on at least one of the BR/EDR or LE transports in order to be susceptible to attack. For example, it may be possible to pair with certain devices using [JustWorks](<https://www.bluetooth.com/blog/bluetooth-pairing-part-4/>) pairing over BR/EDR or LE and overwriting an existing LTK or LK on the other transport. When this results in the reduction of encryption key strength or the overwrite of an authenticated key with an unauthenticated key, an attacker could gain additional access to profiles or services that are not otherwise restricted.\n\n### Solution\n\nThe Bluetooth SIG has released [recommendations](<https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>) for mitigating this issue that include additional conformance tests to ensure that the overwrite of an authenticated key or a key of a given length with an unauthenticated key or a key of reduced length is not permitted in devices supporting Bluetooth Core Specification version 5.1 or greater. They also recommend that potentially vulnerable implementations introduce the restrictions on CTKD mandated in Bluetooth Core Specification versions 5.1 and later. Implementations should disallow overwrite of the LTK or LK for one transport with the LTK or LK derived from the other when this overwrite would result in either a reduction of the key strength of the original bonding or a reduction in the MITM protection of the original bonding (from authenticated to unauthenticated). This may require that the host track the negotiated length and authentication status of the keys in the Bluetooth security database.\n\nThe Bluetooth SIG further recommends that devices restrict when they are pairable on either transport to times when user interaction places the device into a pairable mode or when the device has no bonds or existing connections to a paired device. In all cases, it is recommended that devices restrict the duration of pairing mode and overwrite an existing bonding only when devices are explicitly in pairing mode.\n\n### Acknowledgements\n\nThanks to the reporter who wishes to remain anonymous.\n\nThis document was written by Madison Oliver.\n\n### Vendor Information\n\n589825\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Bluetooth SIG Affected\n\nNotified: 2020-06-09 Updated: 2020-09-09 **CVE-2020-15802**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arista Networks Inc. __ Not Affected\n\nNotified: 2020-08-28 Updated: 2021-02-05\n\n**Statement Date: January 22, 2021**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nArista products do not use bluetooth and are hence not affected.\n\n### Barracuda Networks Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-23\n\n**Statement Date: September 16, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belden __ Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-09\n\n**Statement Date: August 31, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nBelden devices do not support Bluetooth and are not affected by this vulnerability.\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-23\n\n**Statement Date: September 15, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.\n\n### Ceragon Networks Inc Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-11\n\n**Statement Date: September 10, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F5 Networks Inc. __ Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-09\n\n**Statement Date: September 01, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nF5 products do not include/support Bluetooth.\n\n### Fastly Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-23\n\n**Statement Date: September 11, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fujitsu Not Affected\n\nNotified: 2021-02-15 Updated: 2021-02-16\n\n**Statement Date: February 16, 2021**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Infoblox Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-09\n\n**Statement Date: August 28, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-09\n\n**Statement Date: August 31, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks __ Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-11\n\n**Statement Date: September 10, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nBased on our investigation we confirm that there are no platforms/products which are affected from these vulnerabilities.\n\n### Microchip Technology __ Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-09\n\n**Statement Date: September 07, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nMicrochip Bluetooth Dual Mode solutions do NOT implement Cross-Transport Key Derivation (CTKD), Microchip solutions are NOT affected by BLURtooth vulnerability\n\n### Miredo Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-09\n\n**Statement Date: August 28, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetBSD Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-29\n\n**Statement Date: September 29, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Palo Alto Networks Not Affected\n\nNotified: 2020-08-28 Updated: 2020-10-14\n\n**Statement Date: October 14, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### VMware __ Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-23\n\n**Statement Date: September 14, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nVmware is not affected by the above issues directly.\n\n### VMware Carbon Black Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-09\n\n**Statement Date: September 09, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River __ Not Affected\n\nNotified: 2020-08-28 Updated: 2020-10-15\n\n**Statement Date: October 14, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-15802](<https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-15802>)\n\n### Zyxel __ Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-09\n\n**Statement Date: September 09, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nZyxel products are NOT affected either because they don\u2019t support Cross Transport Key Derivation or do not support Bluetooth at all.\n\n### lwIP Not Affected\n\nNotified: 2020-08-28 Updated: 2020-09-25\n\n**Statement Date: September 25, 2020**\n\n**CVE-2020-15802**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ANTlabs Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Actelis Networks Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aerohive Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AhnLab Inc Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Akamai Technologies Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Allied Telesis Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aruba Networks Unknown\n\nNotified: 2020-10-02 Updated: 2020-10-14 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Atheros Communications Inc Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Bell Canada Enterprises Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BoringSSL Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Broadcom Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CISA Industrial Control Systems Vulnerability Management and Coordination Unknown\n\nUpdated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CMX Systems Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cambium Networks Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cirpack Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cricket Wireless Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cypress Semiconductor Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Deutsche Telekom Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Devicescape Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Digi International Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### EfficientIP Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ericsson Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Espressif Systems Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Force10 Networks Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Foundry Brocade Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### FreeBSD Project Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GFI Software Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Google Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Grandstream Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HCC Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HP Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hewlett Packard Enterprise Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Honeywell Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ICASI Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### INTEROP Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IP Infusion Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### InfoExpress Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Inmarsat Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LG Electronics Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lantronix Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lenovo Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LibreSSL Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LiteSpeed Technologies Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lynx Software Technologies Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Marvell Semiconductor Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MediaTek Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Medtronic Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Metaswitch Networks Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Microsoft Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Muonics Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NETSCOUT Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetBurner Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OleumTech Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenConnect Ltd Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenSSL Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Oracle Corporation Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Oryx Embedded Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Paessler Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Philips Electronics Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Proxim Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Pulse Secure Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### QLogic Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quadros Systems Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Qualcomm Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Riverbed Technologies Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruijie Networks Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SEIKO EPSON Corp. / Epson America Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SafeNet Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Samsung Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Samsung Semiconductor Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SmoothWall Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sonos Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sophos Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TCPWave Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Tenable Network Security Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TippingPoint Technologies Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Toshiba Commerce Solutions Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Untangle Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vertical Networks Inc. Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### WizNET Technology Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ZTE Corporation Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zebra Technologies Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### m0n0wall Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### netsnmp Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### netsnmpj Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### wolfSSL Unknown\n\nNotified: 2020-08-28 Updated: 2020-09-09 **CVE-2020-15802**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 118 vendors __View less vendors __\n\n \n\n\n### References\n\n * <https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>\n * <https://www.bluetooth.com/specifications/bluetooth-core-specification/>\n * <https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/reporting-security/>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2020-15802 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-15802>) \n---|--- \n**Date Public:** | 2020-09-09 \n**Date First Published:** | 2020-09-09 \n**Date Last Updated: ** | 2021-02-16 16:47 UTC \n**Document Revision: ** | 10 \n", "published": "2020-09-09T00:00:00", "modified": "2021-02-16T16:47:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6}, "href": "https://www.kb.cert.org/vuls/id/589825", "reporter": "CERT", "references": ["https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/", "https://www.bluetooth.com/specifications/bluetooth-core-specification/", "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/reporting-security/"], "cvelist": ["CVE-2020-15802"], "immutableFields": [], "lastseen": "2021-09-28T17:52:50", "viewCount": 129, "enchantments": {"dependencies": {"references": [{"type": "androidsecurity", "idList": ["ANDROID:2020-12-01"]}, {"type": "cve", "idList": ["CVE-2020-15802"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15802"]}, {"type": "osv", "idList": ["OSV:ASB-A-158854097"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-15802"]}, {"type": "thn", "idList": ["THN:750045FB46D70C83ECBE5EC982B33A42"]}, {"type": "threatpost", "idList": ["THREATPOST:A520224EBE48A5883B0AFBB0E8EEA0C2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15802"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "androidsecurity", "idList": ["ANDROID:2020-12-01"]}, {"type": "cve", "idList": ["CVE-2020-15802"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15802"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-15802"]}, {"type": "thn", "idList": ["THN:750045FB46D70C83ECBE5EC982B33A42"]}, {"type": "threatpost", "idList": ["THREATPOST:A520224EBE48A5883B0AFBB0E8EEA0C2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15802"]}]}, "exploitation": null, "vulnersScore": 0.3}, "_state": {"dependencies": 1659966727, "score": 1659970229}, "_internal": {"score_hash": "f9ef04d6f04d4bc53df75dcbd65a6cac"}}
{"thn": [{"lastseen": "2022-05-09T12:40:09", "description": "[](<https://thehackernews.com/images/-thAMpcqNwSM/X1qZhjL1xlI/AAAAAAAA3Sw/v0btKQ_mHQQudTn-juKYqX675Vk4qhkRwCLcBGAsYHQ/s728-e100/Blutooth-attack.jpg>)\n\nBluetooth SIG\u2014an organization that oversees the development of Bluetooth standards\u2014today issued a [statement](<https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>) informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. \n \nDiscovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices supporting both \u2014 Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (BLE) standard. \n \nCross-Transport Key Derivation (CTKD) is a Bluetooth component responsible for negotiating the authenticate keys when pairing two Bluetooth devices together, also known as \"dual-mode\" devices. \n \nDubbed 'BLURtooth' and tracked as **CVE-2020-15802**, the flaw exposes devices powered with Bluetooth 4.0 or 5.0 technology, allowing attackers to unauthorizedly connect to a targeted nearby device by overwriting the authenticated key or reducing the encryption key strength. \n \n\"Dual-mode devices using CTKD to generate a Long Term Keys (LTK)or Link Key (LK) are able to overwrite the original LTK or LK in cases where that transport was enforcing a higher level of security,\" the researchers explain. \n \n\"Vulnerable devices must permit a pairing or bonding to proceed transparently with no authentication, or a weak key strength, on at least one of the BR/EDR or LE transports in order to be susceptible to attack.\" \n \nIn other words, the flaw leverage ability under specific implementations of the pairing process that could allow devices to overwrite authorization keys when the transport enforces a higher level of security. \n \nAccording to an [advisory](<https://www.kb.cert.org/vuls/id/589825/>) published by Carnegie Mellon CERT Coordination Center, the flaw can lead to several potential attacks, grouped as 'BLUR attacks,' including man-in-the-middle attack. \n \n\"If a device spoofing another device's identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur,\" Bluetooth SIG warned of the same. \n \n\"This may permit a Man In The Middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.\" \n \nBesides recommending to introduce restrictions on CTKD mandated in [Bluetooth Core Specification](<https://www.bluetooth.com/specifications/bluetooth-core-specification/>) versions 5.1 and later as primary mitigation, Bluetooth SIG has also started coordinates with affected device manufacturers to help them release necessary patches rapidly. \n \n\"The Bluetooth SIG further recommends that devices restrict when they are pairable on either transport to times when user interaction places the device into a pairable mode or when the device has no bonds or existing connections to a paired device,\" the researchers said. \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-10T21:37:00", "type": "thn", "title": "New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15802"], "modified": "2020-09-10T21:37:22", "id": "THN:750045FB46D70C83ECBE5EC982B33A42", "href": "https://thehackernews.com/2020/09/new-bluetooth-vulnerability.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "threatpost": [{"lastseen": "2020-09-17T21:43:29", "description": "A high-severity Bluetooth vulnerability has been uncovered, which could enable an unauthenticated attacker within wireless range to eavesdrop or alter communications between paired devices.\n\nThe flaw ([CVE-2020-15802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802>)), discovered independently by researchers at the \u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne (EPFL) and Purdue University, [is being referred](<https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>) to as \u201cBLURtooth.\u201d The issue exists in the [pairing process](<https://cert.civis.net/en/index.php?action=alert¶m=CVE-2020-15802>) for Bluetooth 4.0 through 5.0 implementations. This pairing process is called Cross-Transport Key Derivation (CTKD).\n\n\u201cDevices\u2026 using [CTKD] for pairing are vulnerable to key overwrite, which enables an attacker to gain additional access to profiles or services that are not restricted, by reducing the encryption key strength or overwriting an authenticated key with an unauthenticated key,\u201d according [to a security advisory](<https://kb.cert.org/vuls/id/589825>) on Wednesday by the Carnegie Mellon CERT Coordination Center.\n\n## **The \u2018BLURtooth\u2019 Attack**\n\nThere are two types of Bluetooth protocols related to the attack \u2013 the older Bluetooth Classic (also known as Bluetooth Basic Rate/Enhanced Data Rate, or BR/EDR) and newer Bluetooth Low Energy (BLE). While BR/EDR are mainly used for audio applications such as wireless telephone connections, wireless headphones and wireless speakers, BLE is more often seen in wearable devices, smart IoT devices, fitness monitoring equipment and battery-powered accessories such as a keyboard.\n\n[](<https://threatpost.com/webinars/five-essentials-for-running-a-successful-bug-bounty-program/>)\n\nClick to Register\n\nThe process of CTKD is utilized when two dual-mode devices pair with each other \u2013 \u201cdual-mode\u201d meaning that they support both BLE and BR/EDR. The process means the devices only need to pair over either BLE or BR/EDR to get the encryption keys \u2013 called Link Keys \u2013 for both transport types in one go.\n\nHowever, a hole in CTKD makes it possible to lower the \u201cstrength\u201d of these Link Key encryption keys (further technical details on where specifically the vulnerability exists within CTKD \u2014 as well as specific steps needed to exploit the flaw \u2014 are not yet available). That in turn paves the way for an attacker to pair their own devices to the target\u2019s device, with no authentication needed.\n\nFor this attack to be successful, an attacker would need to be within wireless range of a vulnerable Bluetooth device. That can vary from 330 feet for Bluetooth 4.0 devices, to 800 feet for Bluetooth 5.0.\n\nTo be vulnerable, a device would need to support both BR/EDR and BLE transports and also support CTKD. It must also permit a pairing or bonding to proceed transparently with no authentication, or a weak key strength, on at least one of the transport types; that allows attackers to interfere between the two transports by impersonating a previously paired device. Thus, it enables their non-authenticated encryption keys to replace the authenticated keys.\n\n\u201cIf a device spoofing another device\u2019s identity becomes paired or bonded on a transport, and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur,\u201d according to a [security advisory on Wednesday](<https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/>) by the Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards. \u201cThis may permit a man-in-the-middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.\u201d\n\nThe attacker could then sniff out communications between the two devices \u2013 allowing them to spy on messages or potentially even alter them.\n\n## **Bluetooth Mitigations**\n\nThe Bluetooth SIG is recommending that potentially vulnerable Bluetooth implementations introduce the restrictions on CTKD that have been mandated in Bluetooth Core Specification versions 5.1 and later. These restrictions prevent the overwrite of an authenticated key or a key of a given length with an unauthenticated key or a key of reduced length.\n\n\u201cThe Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches,\u201d according to Bluetooth. \u201cAs always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.\u201d\n\nSeveral Bluetooth-based attacks have cropped up over the past year. In May, academic researchers [uncovered security vulnerabilities](<https://threatpost.com/bluetooth-bugs-impersonation-devices/155886/>) in Bluetooth Classic that could have allowed attackers to spoof paired devices and capture sensitive data. In February, meanwhile, a critical vulnerability in the Bluetooth implementation on Android devices [was discovered that could allow](<https://threatpost.com/critical-android-bluetooth-bug-enables-rce-no-user-interaction-needed/152699/>) attackers to launch remote code-execution (RCE) attacks \u2013 without any user interaction.\n\n[**On Wed Sept. 16 @ 2 PM ET:**](<https://threatpost.com/webinars/five-essentials-for-running-a-successful-bug-bounty-program/>)** Learn the secrets to running a successful Bug Bounty Program. **[**Register today**](<https://slack-redir.net/link?url=https%3A%2F%2Fthreatpost.com%2Fwebinars%2Ffive-essentials-for-running-a-successful-bug-bounty-program%2F>)** for this FREE Threatpost webinar \u201c**[**Five Essentials for Running a Successful Bug Bounty Program**](<https://slack-redir.net/link?url=https%3A%2F%2Fthreatpost.com%2Fwebinars%2Ffive-essentials-for-running-a-successful-bug-bounty-program%2F>)**\u201c. Hear from top Bug Bounty Program experts how to juggle public versus private programs and how to navigate the tricky terrain of managing Bug Hunters, disclosure policies and budgets. Join us Wednesday Sept. 16, 2-3 PM ET for this **[**LIVE**](<https://slack-redir.net/link?url=https%3A%2F%2Fthreatpost.com%2Fwebinars%2Ffive-essentials-for-running-a-successful-bug-bounty-program%2F>)** webinar.**\n", "cvss3": {}, "published": "2020-09-10T16:39:05", "type": "threatpost", "title": "Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-15802"], "modified": "2020-09-10T16:39:05", "id": "THREATPOST:A520224EBE48A5883B0AFBB0E8EEA0C2", "href": "https://threatpost.com/bluetooth-bug-mitm-attacks/159124/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2022-05-12T01:24:36", "description": "Bulletin has no description", "edition": 1, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-01T00:00:00", "type": "osv", "title": "In smp_key_distribution of smp_act.cc, there are possible vulnerabilities in Cross-Transport Key Derivation due to weaknesses in the Bluetooth standard. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15802"], "modified": "2020-12-01T00:00:00", "id": "OSV:ASB-A-158854097", "href": "https://osv.dev/vulnerability/ASB-A-158854097", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-11-16T17:17:02", "description": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-11T14:15:00", "type": "cve", "title": "CVE-2020-15802", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15802"], "modified": "2022-11-16T15:19:00", "cpe": [], "id": "CVE-2020-15802", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15802", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "debiancve": [{"lastseen": "2023-01-30T02:08:17", "description": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-11T14:15:00", "type": "debiancve", "title": "CVE-2020-15802", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15802"], "modified": "2020-09-11T14:15:00", "id": "DEBIANCVE:CVE-2020-15802", "href": "https://security-tracker.debian.org/tracker/CVE-2020-15802", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2023-02-01T13:40:22", "description": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle\nattacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core\nSpecification v4.2 and v5.0 may permit an unauthenticated user to establish\na bonding with one transport, either LE or BR/EDR, and replace a bonding\nalready established on the opposing transport, BR/EDR or LE, potentially\noverwriting an authenticated key with an unauthenticated key, or a key with\ngreater entropy with one with less.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-15802>\n * <https://bugzilla.suse.com/show_bug.cgi?id=1176442>\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-11T00:00:00", "type": "ubuntucve", "title": "CVE-2020-15802", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15802"], "modified": "2020-09-11T00:00:00", "id": "UB:CVE-2020-15802", "href": "https://ubuntu.com/security/CVE-2020-15802", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhatcve": [{"lastseen": "2023-02-01T08:12:44", "description": "A flaw was found in the bluetooth specification that would allow an attacker within bluetooth radio range to abuse a protocol flaw which could allow key-overwrite in services.\n#### Mitigation\n\nAs the bluetooth module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: \n\n\n# echo "install bluetooth /bin/true" >> /etc/modprobe.d/disable-bluetooth.conf \n\n\nThe system will need to be restarted if the bluetooth modules are loaded. In most circumstances, the bluetooth kernel modules will be unable to be unloaded while any bluetooth interfaces are active and the protocol is in use. \n\n\nIf the system requires this module to work correctly, this mitigation may not be suitable. \n\n\nIf you need further assistance, see KCS article <https://access.redhat.com/solutions/41278> or contact Red Hat Global Support Services. \n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-11T05:59:58", "type": "redhatcve", "title": "CVE-2020-15802", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15802"], "modified": "2023-02-01T05:35:12", "id": "RH:CVE-2020-15802", "href": "https://access.redhat.com/security/cve/cve-2020-15802", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "androidsecurity": [{"lastseen": "2022-09-08T00:19:46", "description": "The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-12-05 or later address all of these issues. To learn how to check a device's security patch level, see [Check and update your Android version](<https://support.google.com/pixelphone/answer/4457705>).\n\nAndroid partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP. \n\nThe most severe of these issues is a critical security vulnerability in the Media Framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed. \n\nRefer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.\n\n**Note**: Information on the latest over-the-air update (OTA) and firmware images for Google devices is available in the December 2020 Pixel Update Bulletin. \n\n## Android and Google service mitigations\n\nThis is a summary of the mitigations provided by the Android security platform and service protections such as [Google Play Protect](<https://developers.google.com/android/play-protect>). These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.\n\n * Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.\n * The Android security team actively monitors for abuse through [Google Play Protect](<https://developers.google.com/android/play-protect>) and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with [Google Mobile Services](<http://www.android.com/gms>), and is especially important for users who install apps from outside of Google Play.\n\n## 2020-12-01 security patch level vulnerability details\n\nIn the sections below, we provide details for each of the security vulnerabilities that apply to the 2020-12-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as [Google Play system updates](<https://support.google.com/android/answer/7680439>). \n\n### Framework\n\nThe most severe vulnerability in this section could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2020-0099 | [A-141745510](<https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e>) | EoP | High | 8.0, 8.1, 9, 10 \nCVE-2020-0294 | [A-154915372](<https://android.googlesource.com/platform/frameworks/base/+/d4bd69cef05d379555418a8fe748ec94ff6bd6d0>) | EoP | High | 8.0, 8.1, 9, 10 \nCVE-2020-0440 | [A-162627132](<https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d>) [[2](<https://android.googlesource.com/platform/frameworks/base/+/534bbaeead15bc3c540efd947b3a5ade62cf27be>)] | EoP | High | 11 \nCVE-2020-0459 | [A-159373687](<https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/db04b29f0f6a96b19850fc17e23818855f800d61>) [[2](<https://android.googlesource.com/platform/frameworks/base/+/4bd54c477c89d11cfe2d84ff20098aed01cf5de9>)] [[3](<https://android.googlesource.com/platform/packages/apps/Car/Settings/+/dd7bed0670fbdf03d9097f2ba35967544467c863>)] [[4](<https://android.googlesource.com/platform/packages/apps/Settings/+/a9a7f65a10b7514a4070a93d419796498926b5b3>)] [[5](<https://android.googlesource.com/platform/packages/services/Car/+/54cc1b21d5b1e75f8c1d92cac32beaa2cad6a88c>)] | ID | High | 8.0, 8.1, 9, 10 \nCVE-2020-0464 | [A-150371903](<https://android.googlesource.com/platform/system/netd/+/e1ec3b167754930d4d87b48414f9d707554a02f0>) [[2](<https://android.googlesource.com/platform/frameworks/native/+/f1cf6a632da354cff3d8aed54913e1ee2909908e>)] | ID | High | 10 \nCVE-2020-0467 | [A-168500792](<https://android.googlesource.com/platform/frameworks/base/+/61b620ad4f773e86c03e0719ae24268babcc62a9>) | ID | High | 8.1, 9, 10, 11 \nCVE-2020-0468 | [A-158484422](<https://android.googlesource.com/platform/frameworks/base/+/af35aa5ac57a8c7c4534d82d8cd6cfb4f049bbfe>) | ID | High | 10, 11 \nCVE-2020-0469 | [A-168692734](<https://android.googlesource.com/platform/frameworks/base/+/1a6f1fb402b96df561b9672aef1e4fce8a13de80>) | DoS | High | 11 \n \n### Media Framework\n\nThe most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2020-0458 | [A-160265164](<https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2>) [[2](<https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be>)] | RCE | Critical | 8.0, 8.1, 9, 10 \nCVE-2020-0470 | [A-166268541](<https://android.googlesource.com/platform/external/libaom/+/816f15265cb89a02d7ce4b657de277828e71a4b1>) | ID | High | 10, 11 \n \n### System\n\nThe most severe vulnerability in this section could lead to remote information disclosure with no additional execution privileges needed. \n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2020-0460 | [A-163413737](<https://android.googlesource.com/platform/packages/apps/KeyChain/+/ed1888ebc3888399ec5144491e43bf7d871028e5>) | ID | High | 11 \nCVE-2020-0463 | [A-169342531](<https://android.googlesource.com/platform/system/bt/+/938a5cd87c38bf35d15ffa3414c3a74faecb8bf8>) | ID | High | 8.0, 8.1, 9, 10, 11 \nCVE-2020-15802 | [A-158854097](<https://android.googlesource.com/platform/system/bt/+/775a5e72b34b70ff92d61d8bcc47c6bde663f02e>) | ID | High | 8.0, 8.1, 9, 10, 11 \n \n### Google Play system updates\n\nThere are no security issues addressed in Google Play system updates (Project Mainline) this month.\n\n## 2020-12-05 security patch level vulnerability details\n\nIn the sections below, we provide details for each of the security vulnerabilities that apply to the 2020-12-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. \n\n### Kernel components\n\nThe most severe vulnerability in this section could enable a local malicious application to execute arbitrary code within the context of a privileged process. \n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2020-0444 | A-150693166 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/2ad3e17ebf94b7b7f3f64c050ff168f9915345eb>) | EoP | High | Kernel Audit System \nCVE-2020-0465 | A-162844689 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/35556bed836f>) [[2](<https://android.googlesource.com/kernel/common/+/bce1305c0ece>)] | EoP | High | Kernel \nCVE-2020-0466 | A-147802478 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/52c479697c9b>) [[2](<https://android.googlesource.com/kernel/common/+/a9ed4a6560b8>)] | EoP | High | I/O Subsystem \n \n### Broadcom components\n\nThese vulnerabilities affect Broadcom components and further details are available directly from Broadcom. The severity assessment of these issues is provided directly by Broadcom. \n\nCVE | References | | Severity | Component \n---|---|---|---|--- \nCVE-2020-0016 | A-171413483 * | | High | Broadcom middleware \nCVE-2020-0019 | A-171413798 * | | High | Broadcom middleware \n \n### MediaTek components\n\nThese vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek. \n\nCVE | References | | Severity | Component \n---|---|---|---|--- \nCVE-2020-0455 | A-170372514 M-ALPS05324771 * | | High | vcu \nCVE-2020-0456 | A-170378843 M-ALPS05304125 * | | High | vcu \nCVE-2020-0457 | A-170367562 M-ALPS05304170 * | | High | vcu \n \n### Qualcomm components\n\nThese vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm. \n\nCVE | References | | Severity | Component \n---|---|---|---|--- \nCVE-2020-11225 | A-168050601 [QC-CR#2724407](<https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=fe1e85068c57d8c4e4557ed6b265ac6b9694c3a1>) | | Critical | WLAN \nCVE-2020-11146 | A-157906412 [QC-CR#2648596](<https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=a480ed6e37d2dc2c7f56371365cdac7d5358b50c>) | | High | Kernel \nCVE-2020-11167 | A-168049959 [QC-CR#2434229](<https://source.codeaurora.org/quic/le/platform/system/bt/commit/?id=cfdb42d512704965acd551b9ffb6de37aac51bf7>) [[2](<https://source.codeaurora.org/quic/la/platform/system/bt/commit/?id=a741d8d2f59b2a090694be71cd538c821cf95ce5>)] | | High | Bluetooth \nCVE-2020-11185 | A-168050580 [QC-CR#2658462](<https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=227ff6c08ac997241a5a0513ad25f89072096d02>) | | High | WLAN \nCVE-2020-11217 | A-168051734 [QC-CR#2710036](<https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=b8630beb74fab51dbb5b7c769fecfa9534d12b4a>) | | High | Audio \n \n### Qualcomm closed-source components\n\nThese vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm. \n\nCVE | References | | Severity | Component \n---|---|---|---|--- \nCVE-2020-3685 | A-157905813 * | | Critical | Closed-source component \nCVE-2020-3686 | A-157906329 * | | Critical | Closed-source component \nCVE-2020-3691 | A-157906171 * | | Critical | Closed-source component \nCVE-2020-11136 | A-157905860 * | | Critical | Closed-source component \nCVE-2020-11137 | A-157905869 * | | Critical | Closed-source component \nCVE-2020-11138 | A-157905657 * | | Critical | Closed-source component \nCVE-2020-11140 | A-157906530 * | | Critical | Closed-source component \nCVE-2020-11143 | A-157905814 * | | Critical | Closed-source component \nCVE-2020-11119 | A-168051735 * | | High | Closed-source component \nCVE-2020-11139 | A-157905659 * | | High | Closed-source component \nCVE-2020-11144 | A-157906670 * | | High | Closed-source component \nCVE-2020-11145 | A-157905870 * | | High | Closed-source component \nCVE-2020-11179 | A-163548240 * | | High | Closed-source component \nCVE-2020-11197 | A-168050278 * | | High | Closed-source component \nCVE-2020-11200 | A-168049958 * | | High | Closed-source component \nCVE-2020-11212 | A-168050603 * | | High | Closed-source component \nCVE-2020-11213 | A-168050861 * | | High | Closed-source component \nCVE-2020-11214 | A-168049138 * | | High | Closed-source component \nCVE-2020-11215 | A-168049960 * | | High | Closed-source component \nCVE-2020-11216 | A-168050579 * | | High | Closed-source component \n \n## Common questions and answers\n\nThis section answers common questions that may occur after reading this bulletin.\n\n**1\\. How do I determine if my device is updated to address these issues?**\n\nTo learn how to check a device's security patch level, see [Check and update your Android version](<https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices>).\n\n * Security patch levels of 2020-12-01 or later address all issues associated with the 2020-12-01 security patch level.\n * Security patch levels of 2020-12-05 or later address all issues associated with the 2020-12-05 security patch level and all previous patch levels.\n\nDevice manufacturers that include these updates should set the patch string level to:\n\n * [ro.build.version.security_patch]:[2020-12-01]\n * [ro.build.version.security_patch]:[2020-12-05]\n\nFor some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2020-12-01 security patch level. Please see [this article](<https://support.google.com/android/answer/7680439?hl=en>) for more details on how to install security updates.\n\n**2\\. Why does this bulletin have two security patch levels?**\n\nThis bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.\n\n * Devices that use the 2020-12-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.\n * Devices that use the security patch level of 2020-12-05 or newer must include all applicable patches in this (and previous) security bulletins.\n\nPartners are encouraged to bundle the fixes for all issues they are addressing in a single update.\n\n**3\\. What do the entries in the _Type_ column mean?**\n\nEntries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.\n\nAbbreviation | Definition \n---|--- \nRCE | Remote code execution \nEoP | Elevation of privilege \nID | Information disclosure \nDoS | Denial of service \nN/A | Classification not available \n \n**4\\. What do the entries in the _References_ column mean?**\n\nEntries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.\n\nPrefix | Reference \n---|--- \nA- | Android bug ID \nQC- | Qualcomm reference number \nM- | MediaTek reference number \nN- | NVIDIA reference number \nB- | Broadcom reference number \n \n**5\\. What does an * next to the Android bug ID in the _References_ column mean?**\n\nIssues that are not publicly available have an * next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the [Google Developer site](<https://developers.google.com/android/drivers>). \n\n**6\\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**\n\nSecurity vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, [Huawei](<https://consumer.huawei.com/en/support/bulletin/>), [LGE](<https://lgsecurity.lge.com/security_updates_mobile.html>), [Motorola](<https://motorola-global-portal.custhelp.com/app/software-security-page/g_id/6806>), [Nokia](<https://www.nokia.com/phones/en_int/security-updates>), or [Samsung](<https://security.samsungmobile.com/securityUpdate.smsb>).\n\n## Versions\n\nVersion | Date | Notes \n---|---|--- \n1.0 | December 7, 2020 | Bulletin published \n1.1 | December 10, 2020 | Bulletin revised to include AOSP links\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-07T00:00:00", "type": "androidsecurity", "title": "Android Security Bulletin\u2014December 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0016", "CVE-2020-0019", "CVE-2020-0099", "CVE-2020-0294", "CVE-2020-0440", "CVE-2020-0444", "CVE-2020-0455", "CVE-2020-0456", "CVE-2020-0457", "CVE-2020-0458", "CVE-2020-0459", "CVE-2020-0460", "CVE-2020-0463", "CVE-2020-0464", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-0467", "CVE-2020-0468", "CVE-2020-0469", "CVE-2020-0470", "CVE-2020-11119", "CVE-2020-11136", "CVE-2020-11137", "CVE-2020-11138", "CVE-2020-11139", "CVE-2020-11140", "CVE-2020-11143", "CVE-2020-11144", "CVE-2020-11145", "CVE-2020-11146", "CVE-2020-11167", "CVE-2020-11179", "CVE-2020-11185", "CVE-2020-11197", "CVE-2020-11200", "CVE-2020-11212", "CVE-2020-11213", "CVE-2020-11214", "CVE-2020-11215", "CVE-2020-11216", "CVE-2020-11217", "CVE-2020-11225", "CVE-2020-15802", "CVE-2020-3685", "CVE-2020-3686", "CVE-2020-3691"], "modified": "2020-12-10T00:00:00", "id": "ANDROID:2020-12-01", "href": "https://source.android.com/docs/security/bulletin/2020-12-01", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2022-12-30T20:09:45", "description": "Hello everyone! Great news for my open source [Scanvus](<https://github.com/leonov-av/scanvus>) project! You can now perform vulnerability checks on Linux hosts and docker images not only using the [Vulners.com API](<https://vulners.com/docs/API_wrapper/linux_audit/>), but also with the [Vulns.io VM API](<https://vulns.io/>). It's especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. I just had to do the final test. Many thanks to them for this!\n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239113>\n\n## How can the support of these two APIs in Scanvus be useful?\n\n 1. Now there is no binding to one vendor. Choose which service and price you prefer.\n 2. The set of supported operating systems varies between Vulners.com and Vulns.io. If a particular Linux distribution is not supported by one vendor, it may be supported by another vendor.\n 3. Vulners and Vulns.io implemented vulnerability checks independently of each other. If the results differ when scanning the same host/image, then implementation errors will be clearly visible.\n 4. Scanvus is released under the MIT license, so you can use it as an example of working with the Vulners.com and Vulns.io APIs and use this code in your projects.\n\n## How to use it?\n\nBasically, everything works exactly the same. You only need to specify the API you want to use in the -audit-service parameter. This can be "vulners" (default) or "vulnsio".\n\n### Localhost\n\nTo begin, I scanned my localhost. This is a completely updated Ubuntu host. Vulners and Vulns.io did not detect security bulletin vulnerabilities there. And this is correct.\n\nVulners did not detect any vulnerabilities at all.\n \n \n $ python3.8 scanvus.py --audit-service vulners --assessment-type localhost\n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: localhost\n host: localhost\n Getting OS inventory data...\n os_name: ubuntu\n os_version: 20.04\n package_list_len: 2899\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for localhost (localhost, ubuntu 20.04, linux kernel 5.4.0-135-generic, 2899 packages)\n 0 vulnerabilities were found\n \n\nAnd Vulns.io detected some vulnerabilities.\n \n \n $ python3.8 scanvus.py --audit-service vulnsio --assessment-type localhost\n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: localhost\n host: localhost\n Getting OS inventory data...\n os_name: ubuntu\n os_version: 20.04\n package_list_len: 2899\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for localhost (localhost, ubuntu 20.04, linux kernel 5.4.0-135-generic, 2899 packages)\n 3 vulnerabilities with levels ['Medium', 'Critical', 'High'] were found\n +---+----------+-------------+------------------+-------------------------------------------------------------------------------+\n | N | Level | Bulletin | CVE | Proof |\n +---+----------+-------------+------------------+-------------------------------------------------------------------------------+\n | 1 | Critical | no advisory | CVE-2021-21783 | apparmor-2.13.3-7ubuntu5.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2207 | libapparmor1-2.13.3-7ubuntu5.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-12390 | libapparmor1-2.13.3-7ubuntu5.1.i386 >= 0:0.0.0 |\n | | | | CVE-2021-3773 | chromium-codecs-ffmpeg-extra-1:85.0.4183.83-0ubuntu0.20.04.2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-25236 | gstreamer1.0-libav-1.16.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-24791 | libqt5webengine-data-5.12.8+dfsg-0ubuntu1.1.all >= 0:0.0.0 |\n | | | | CVE-2019-15232 | libqt5webengine5-5.12.8+dfsg-0ubuntu1.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-26972 | libqt5webenginecore5-5.12.8+dfsg-0ubuntu1.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-12389 | libqt5webenginewidgets5-5.12.8+dfsg-0ubuntu1.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2042 | firefox-108.0+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-13576 | firefox-locale-en-108.0+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-23852 | firefox-locale-ru-108.0+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1253 | thunderbird-1:102.4.2+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-29462 | thunderbird-gnome-support-1:102.4.2+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-30475 | thunderbird-locale-en-1:102.4.2+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n ...\n \n\nWhy? Because Vulners and Vulns.io work differently. Vulners only detects vulnerabilities mentioned in bulletins, while Vulns.io also shows vulnerabilities for which there are no bulletins and patches that fix the vulnerability. Such vulnerabilities are grouped by severity with "no advisory" instead of a bulletin identifier. Whether you want to see vulnerabilities that you can't fix yet is up to you.\n\n### Linux host\n\nNext, I scanned a test upatched Debian 11 host.\n \n \n $ ssh-copy-id -i ~/.ssh/id_rsa.pub vmuser@192.168.56.105\n $ ssh -i ~/.ssh/id_rsa.pub vmuser@192.168.56.105\n\nIn this case, vulnerabilities related to security bulletins were detected. And there are not many of them, so the reports can be easily analyzed manually.\n \n \n $ python3.8 scanvus.py --audit-service \"vulners\" --assessment-type \"remote_ssh\" --host \"192.168.56.105\" --user-name \"vmuser\" --key-path \"/home/alexander/.ssh/id_rsa.pub\"\n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: remote_ssh\n host: 192.168.56.105\n user_name: vmuser\n key_path: /home/alexander/.ssh/id_rsa.pub\n Getting OS inventory data...\n os_name: debian\n os_version: 11\n package_list_len: 364\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for 192.168.56.105 (remote_ssh, debian 11, linux kernel 5.10.0-17-amd64, 364 packages)\n 3 vulnerabilities with levels ['High', 'Medium'] were found\n +---+--------+-------------------------+----------------+------------------------------------------------------------+\n | N | Level | Bulletin | CVE | Proof |\n +---+--------+-------------------------+----------------+------------------------------------------------------------+\n | 1 | High | DEBIAN:DLA-3152-1:9B676 | CVE-2016-10228 | libc-bin 2.31-13+deb11u3 amd64 < 2.31-13+deb11u4 |\n | | | | CVE-2019-19126 | libc6 2.31-13+deb11u3 amd64 < 2.31-13+deb11u4 |\n | | | | CVE-2019-25013 | locales 2.31-13+deb11u3 all < 2.31-13+deb11u4 |\n | | | | CVE-2020-10029 | libc-l10n 2.31-13+deb11u3 all < 2.31-13+deb11u4 |\n | | | | CVE-2020-1752 | |\n | | | | CVE-2020-27618 | |\n | | | | CVE-2020-6096 | |\n | | | | CVE-2021-27645 | |\n | | | | CVE-2021-3326 | |\n | | | | CVE-2021-33574 | |\n | | | | CVE-2021-35942 | |\n | | | | CVE-2021-3999 | |\n | | | | CVE-2022-23218 | |\n | | | | CVE-2022-23219 | |\n +---+--------+-------------------------+----------------+------------------------------------------------------------+\n | 2 | Medium | DEBIAN:DLA-3206-1:5481E | CVE-2019-14870 | krb5-locales 1.18.3-6+deb11u1 all < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-3671 | libkrb5-3 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-44758 | libk5crypto3 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-3437 | libkrb5support0 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-41916 | libgssapi-krb5-2 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-42898 | |\n | | | | CVE-2022-44640 | |\n +---+--------+-------------------------+----------------+------------------------------------------------------------+\n | 3 | Medium | DEBIAN:DSA-5287-1:12BD4 | CVE-2021-3671 | krb5-locales 1.18.3-6+deb11u1 all < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-44758 | libkrb5-3 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-3437 | libk5crypto3 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-41916 | libkrb5support0 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-42898 | libgssapi-krb5-2 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-44640 | |\n +---+--------+-------------------------+----------------+------------------------------------------------------------+\n \n \n \n $ python3.8 scanvus.py --audit-service \"vulnsio\" --assessment-type \"remote_ssh\" --host \"192.168.56.105\" --user-name \"vmuser\" --key-path \"/home/alexander/.ssh/id_rsa.pub\"\n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: remote_ssh\n host: 192.168.56.105\n user_name: vmuser\n key_path: /home/alexander/.ssh/id_rsa.pub\n Getting OS inventory data...\n os_name: debian\n os_version: 11\n package_list_len: 364\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for 192.168.56.105 (remote_ssh, debian 11, linux kernel 5.10.0-17-amd64, 364 packages)\n 7 vulnerabilities with levels ['Medium', 'Critical', 'High'] were found\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | N | Level | Bulletin | CVE | Proof |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 1 | Critical | DSA-5236-1 | CVE-2022-40674 | libexpat1-2.2.10-2+deb11u3.amd64 < 0:2.2.10-2+deb11u4 |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 2 | Critical | no advisory | CVE-2022-23303 | apparmor-2.13.6-10.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45952 | libapparmor1-2.13.6-10.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-3491 | bluetooth-5.55-3.1.all >= 0:0.0.0 |\n | | | | CVE-2020-27619 | bluez-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-43400 | libbluetooth3-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-29921 | busybox-1:1.30.1-6+b3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-37454 | dnsmasq-base-2.85-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-1010022 | libc-bin-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2005-2541 | libc-l10n-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2021-45957 | libc6-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-46908 | locales-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2021-42377 | libdb5.3-5.3.28+dfsg1-0.8.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-46848 | libpcre2-8-0-10.36-2.amd64 < 0:10.36-2+deb11u1 |\n | | | | CVE-2022-23304 | libpython3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-8457 | libpython3.9-stdlib-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2210 | python3.9-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2042 | python3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1586 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45954 | libtasn1-6-4.16.0-2.amd64 < 0:4.16.0-2+deb11u1 |\n | | | | CVE-2022-1587 | tar-1.34+dfsg-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45953 | vim-common-2:8.2.2434-3+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2016-1585 | vim-tiny-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45955 | xxd-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45956 | wpasupplicant-2:2.9.0-21.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45951 | |\n | | | | CVE-2015-20107 | |\n | | | | CVE-2022-2207 | |\n | | | | CVE-2022-0318 | |\n | | | | CVE-2022-1927 | |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 3 | High | DSA-5207-1 | CVE-2022-26373 | linux-image-5.10.0-16-amd64-5.10.127-2.amd64 < 0:5.10.136-1 |\n | | | | CVE-2022-2585 | |\n | | | | CVE-2022-23816 | |\n | | | | CVE-2022-2588 | |\n | | | | CVE-2022-29901 | |\n | | | | CVE-2022-36946 | |\n | | | | CVE-2022-2586 | |\n | | | | CVE-2022-29900 | |\n | | | | CVE-2022-36879 | |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 4 | High | DSA-5235-1 | CVE-2022-3080 | bind9-dnsutils-1:9.16.27-1~deb11u1.amd64 < 1:9.16.33-1~deb11u1 |\n | | | | CVE-2022-38177 | bind9-host-1:9.16.27-1~deb11u1.amd64 < 1:9.16.33-1~deb11u1 |\n | | | | CVE-2022-2795 | bind9-libs-1:9.16.27-1~deb11u1.amd64 < 1:9.16.33-1~deb11u1 |\n | | | | CVE-2022-38178 | |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 5 | High | no advisory | CVE-2022-1616 | bash-completion-1:2.11-2.all >= 0:0.0.0 |\n | | | | CVE-2022-31782 | bluetooth-5.55-3.1.all >= 0:0.0.0 |\n | | | | CVE-2022-0361 | bluez-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-15778 | libbluetooth3-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-3534 | busybox-1:1.30.1-6+b3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-28831 | cpio-2.13+dfsg-4.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-43680 | dnsmasq-base-2.85-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-43551 | e2fsprogs-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0629 | libcom-err2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2284 | libext2fs2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4173 | libss2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0729 | logsave-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3999 | grub-common-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2022-2206 | grub-pc-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2021-3903 | grub-pc-bin-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2022-1733 | grub2-common-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2022-1851 | iptables-1.8.7-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-19378 | libip4tc2-1.8.7-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-9918 | libip6tc2-1.8.7-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-42385 | libxtables12-1.8.7-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2581 | krb5-locales-1.18.3-6+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2021-42384 | libgssapi-krb5-2-1.18.3-6+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-39537 | libk5crypto3-1.18.3-6+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-42919 | libkrb5-3-1.18.3-6+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3973 | libkrb5support0-1.18.3-6+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2129 | libbpf0-1:0.3-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4136 | libc-bin-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-15131 | libc-l10n-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2022-3176 | libc6-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2344 | locales-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2021-3697 | libcurl3-gnutls-7.74.0-1.3+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-7246 | libexpat1-2.2.10-2+deb11u3.amd64 < 0:2.2.10-2+deb11u5 |\n | | | | CVE-2020-26560 | libfreetype6-2.10.4+dfsg-1+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-26559 | libgcrypt20-1.8.7-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-39686 | libjansson4-2.13.1-1.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1247 | libldap-2.4-2-2.4.57+dfsg-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-42382 | libldap-common-2.4.57+dfsg-3+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2017-17740 | libncurses6-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-36325 | libncursesw6-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2257 | libtinfo6-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1154 | ncurses-base-6.2+20201114-2.all >= 0:0.0.0 |\n | | | | CVE-2022-0392 | ncurses-bin-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-3297 | ncurses-term-6.2+20201114-2.all >= 0:0.0.0 |\n | | | | CVE-2021-4192 | libpcre3-2:8.39-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2287 | libperl5.32-5.32.1-4+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0408 | perl-5.32.1-4+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2571 | perl-base-5.32.1-4+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0393 | perl-modules-5.32-5.32.1-4+deb11u2.all >= 0:0.0.0 |\n | | | | CVE-2022-1619 | libpolkit-agent-1-0-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-7245 | libpolkit-gobject-1-0-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2345 | policykit-1-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1886 | libpython3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4204 | libpython3.9-stdlib-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0943 | python3.9-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2264 | python3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0359 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0572 | linux-image-5.10.0-16-amd64-5.10.127-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0391 | linux-image-5.10.0-17-amd64-5.10.136-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-11164 | linux-image-amd64-5.10.136-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0413 | login-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3974 | passwd-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1769 | openssh-client-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-42378 | openssh-server-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0554 | openssh-sftp-server-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2175 | python3-httplib2-0.18.1-3.all >= 0:0.0.0 |\n | | | | CVE-2022-0685 | vim-common-2:8.2.2434-3+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2022-1621 | vim-tiny-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-36690 | xxd-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-1010023 | xdg-user-dirs-0.17-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2946 | |\n | | | | CVE-2018-20796 | |\n | | | | CVE-2021-38185 | |\n | | | | CVE-2018-6829 | |\n | | | | CVE-2022-3424 | |\n | | | | CVE-2021-21240 | |\n | | | | CVE-2022-1735 | |\n | | | | CVE-2022-0204 | |\n | | | | CVE-2019-9192 | |\n | | | | CVE-2016-9917 | |\n | | | | CVE-2022-2849 | |\n | | | | CVE-2022-2304 | |\n | | | | CVE-2022-0407 | |\n | | | | CVE-2021-3737 | |\n | | | | CVE-2022-2602 | |\n | | | | CVE-2022-1898 | |\n | | | | CVE-2022-2845 | |\n | | | | CVE-2022-0417 | |\n | | | | CVE-2022-1882 | |\n | | | | CVE-2013-7445 | |\n | | | | CVE-2019-20838 | |\n | | | | CVE-2021-42386 | |\n | | | | CVE-2022-2289 | |\n | | | | CVE-2022-1304 | |\n | | | | CVE-2022-2889 | |\n | | | | CVE-2022-1629 | |\n | | | | CVE-2021-41617 | |\n | | | | CVE-2022-2183 | |\n | | | | CVE-2022-0351 | |\n | | | | CVE-2020-11725 | |\n | | | | CVE-2021-4166 | |\n | | | | CVE-2022-2817 | |\n | | | | CVE-2020-26557 | |\n | | | | CVE-2022-29458 | |\n | | | | CVE-2021-3968 | |\n | | | | CVE-2022-25265 | |\n | | | | CVE-2019-19070 | |\n | | | | CVE-2021-4037 | |\n | | | | CVE-2019-12456 | |\n | | | | CVE-2019-19882 | |\n | | | | CVE-2021-33560 | |\n | | | | CVE-2022-2522 | |\n | | | | CVE-2022-2182 | |\n | | | | CVE-2012-2663 | |\n | | | | CVE-2022-1796 | |\n | | | | CVE-2022-2862 | |\n | | | | CVE-2022-2286 | |\n | | | | CVE-2020-16156 | |\n | | | | CVE-2022-1942 | |\n | | | | CVE-2022-1679 | |\n | | | | CVE-2021-26934 | |\n | | | | CVE-2018-1000500 | |\n | | | | CVE-2008-4609 | |\n | | | | CVE-2019-19449 | |\n | | | | CVE-2021-42381 | |\n | | | | CVE-2022-0368 | |\n | | | | CVE-2022-1720 | |\n | | | | CVE-2022-2125 | |\n | | | | CVE-2021-3847 | |\n | | | | CVE-2022-4139 | |\n | | | | CVE-2022-4378 | |\n | | | | CVE-2022-1620 | |\n | | | | CVE-2021-3872 | |\n | | | | CVE-2022-2126 | |\n | | | | CVE-2022-0934 | |\n | | | | CVE-2021-3928 | |\n | | | | CVE-2022-2000 | |\n | | | | CVE-2021-42383 | |\n | | | | CVE-2022-2816 | |\n | | | | CVE-2021-3984 | |\n | | | | CVE-2019-19814 | |\n | | | | CVE-2022-28733 | |\n | | | | CVE-2021-3927 | |\n | | | | CVE-2020-12362 | |\n | | | | CVE-2018-5709 | |\n | | | | CVE-2011-4116 | |\n | | | | CVE-2022-35737 | |\n | | | | CVE-2022-30065 | |\n | | | | CVE-2022-28734 | |\n | | | | CVE-2018-7738 | |\n | | | | CVE-2021-4187 | |\n | | | | CVE-2021-4069 | |\n | | | | CVE-2016-2568 | |\n | | | | CVE-2022-2343 | |\n | | | | CVE-2021-32078 | |\n | | | | CVE-2021-28861 | |\n | | | | CVE-2021-42380 | |\n | | | | CVE-2022-2819 | |\n | | | | CVE-2022-1785 | |\n | | | | CVE-2021-3864 | |\n | | | | CVE-2022-0443 | |\n | | | | CVE-2022-2124 | |\n | | | | CVE-2021-4019 | |\n | | | | CVE-2022-1968 | |\n | | | | CVE-2022-28391 | |\n | | | | CVE-2022-0500 | |\n | | | | CVE-2022-3775 | |\n | | | | CVE-2022-1897 | |\n | | | | CVE-2022-0261 | |\n | | | | CVE-2021-42379 | |\n | | | | CVE-2022-2285 | |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 6 | Medium | DSA-5251-1 | CVE-2022-2929 | isc-dhcp-client-4.4.1-2.3.amd64 < 0:4.4.1-2.3+deb11u1 |\n | | | | CVE-2022-2928 | isc-dhcp-common-4.4.1-2.3.amd64 < 0:4.4.1-2.3+deb11u1 |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 7 | Medium | no advisory | CVE-2019-12380 | avahi-autoipd-0.8-5.amd64 < 0:0.8-5+deb11u1 |\n | | | | CVE-2021-42376 | bash-5.1-2+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-16234 | bluetooth-5.55-3.1.all >= 0:0.0.0 |\n | | | | CVE-2022-3586 | bluez-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2008-5367 | libbluetooth3-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1674 | bsdextrautils-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-31879 | bsdutils-1:2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2018-15919 | eject-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1771 | fdisk-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-36516 | libblkid1-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1280 | libfdisk1-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3669 | libmount1-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2010-5321 | libsmartcols1-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2007-6755 | libuuid1-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-15719 | mount-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-42374 | util-linux-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-28736 | busybox-1:1.30.1-6+b3.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-9804 | coreutils-8.32-4+b1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-42375 | grub-common-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2021-3696 | grub-pc-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2018-17977 | grub-pc-bin-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2022-0156 | grub2-common-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2022-3542 | initramfs-tools-0.140.all >= 0:0.0.0 |\n | | | | CVE-2016-9799 | initramfs-tools-core-0.140.all >= 0:0.0.0 |\n | | | | CVE-2011-3389 | krb5-locales-1.18.3-6+deb11u1.all < 0:1.18.3-6+deb11u3 |\n | | | | CVE-2020-26555 | libgssapi-krb5-2-1.18.3-6+deb11u1.amd64 < 0:1.18.3-6+deb11u3 |\n | | | | CVE-2019-16229 | libk5crypto3-1.18.3-6+deb11u1.amd64 < 0:1.18.3-6+deb11u3 |\n | | | | CVE-2020-24504 | libkrb5-3-1.18.3-6+deb11u1.amd64 < 0:1.18.3-6+deb11u3 |\n | | | | CVE-2017-16231 | libkrb5support0-1.18.3-6+deb11u1.amd64 < 0:1.18.3-6+deb11u3 |\n | | | | CVE-2021-4193 | libbpf0-1:0.3-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2874 | libc-bin-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2012-4542 | libc-l10n-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2022-3715 | libc6-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2013-4235 | locales-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2016-9798 | libcurl3-gnutls-7.74.0-1.3+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-0347 | libexpat1-2.2.10-2+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-22923 | libglib2.0-0-2.66.8-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-14159 | libglib2.0-data-2.66.8-1.all >= 0:0.0.0 |\n | | | | CVE-2021-3468 | libgnutls30-3.7.1-5+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2008-5366 | libldap-2.4-2-2.4.57+dfsg-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2012-0039 | libldap-common-2.4.57+dfsg-3+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2020-14145 | libnss-systemd-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-18018 | libpam-systemd-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-4415 | libsystemd0-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-44879 | libudev1-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3502 | systemd-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-4095 | systemd-sysv-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1420 | systemd-timesyncd-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-3709 | udev-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-15794 | libpcre3-2:8.39-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0213 | libpng16-16-1.6.37-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-42328 | libpolkit-agent-1-0-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-42329 | libpolkit-gobject-1-0-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-42898 | policykit-1-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2015-3276 | libprotobuf-c1-1.3.3-1+b2.amd64 >= 0:0.0.0 |\n | | | | CVE-2011-4917 | libpython3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2010-4756 | libpython3.9-stdlib-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4189 | python3.9-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-16233 | python3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2231 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4214 | libssl1.1-1.1.1n-0+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2014-9892 | openssl-1.1.1n-0+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2008-4677 | libxml2-2.9.10+dfsg-6.7+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2008-4996 | linux-image-5.10.0-16-amd64-5.10.127-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-12364 | linux-image-5.10.0-17-amd64-5.10.136-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2598 | linux-image-amd64-5.10.136-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-1000382 | login-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3426 | passwd-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2010-0928 | openssh-client-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2097 | openssh-server-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-13084 | openssh-sftp-server-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2008-5135 | os-prober-1.79.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-9803 | ppp-2.4.9-1+1.amd64 >= 0:0.0.0 |\n | | | | CVE-2015-3243 | rsyslog-8.2102.0-2+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-0630 | vim-common-2:8.2.2434-3+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2007-2768 | vim-tiny-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45941 | xxd-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-10723 | wget-1.21-1+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-3857 | wpasupplicant-2:2.9.0-21.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3658 | |\n | | | | CVE-2020-26142 | |\n | | | | CVE-2022-2208 | |\n | | | | CVE-2022-2873 | |\n | | | | CVE-2021-45346 | |\n | | | | CVE-2022-4662 | |\n | | | | CVE-2022-0714 | |\n | | | | CVE-2021-4023 | |\n | | | | CVE-2007-5686 | |\n | | | | CVE-2019-6129 | |\n | | | | CVE-2022-3061 | |\n | | | | CVE-2022-0171 | |\n | | | | CVE-2020-12363 | |\n | | | | CVE-2022-33070 | |\n | | | | CVE-2017-13694 | |\n | | | | CVE-2021-3714 | |\n | | | | CVE-2022-1184 | |\n | | | | CVE-2020-26143 | |\n | | | | CVE-2019-1010025 | |\n | | | | CVE-2020-13529 | |\n | | | | CVE-2019-16089 | |\n | | | | CVE-2022-0563 | |\n | | | | CVE-2019-15213 | |\n | | | | CVE-2019-12379 | |\n | | | | CVE-2014-9900 | |\n | | | | CVE-2022-2923 | |\n | | | | CVE-2019-5062 | |\n | | | | CVE-2021-30004 | |\n | | | | CVE-2016-9797 | |\n | | | | CVE-2016-9801 | |\n | | | | CVE-2017-13693 | |\n | | | | CVE-2007-2243 | |\n | | | | CVE-2019-6110 | |\n | | | | CVE-2022-0696 | |\n | | | | CVE-2019-12381 | |\n | | | | CVE-2021-4115 | |\n | | | | CVE-2019-16231 | |\n | | | | CVE-2019-12382 | |\n | | | | CVE-2022-3344 | |\n | | | | CVE-2020-14304 | |\n | | | | CVE-2022-23825 | |\n | | | | CVE-2019-12455 | |\n | | | | CVE-2004-0230 | |\n | | | | CVE-2022-3707 | |\n | | | | CVE-2019-16230 | |\n | | | | CVE-2019-1010024 | |\n | | | | CVE-2020-26140 | |\n | | | | CVE-2016-20012 | |\n | | | | CVE-2021-22922 | |\n | | | | CVE-2021-3759 | |\n | | | | CVE-2022-0480 | |\n | | | | CVE-2011-4916 | |\n | | | | CVE-2005-3660 | |\n | | | | CVE-2010-4563 | |\n | | | | CVE-2016-8660 | |\n | | | | CVE-2008-3234 | |\n | | | | CVE-2013-0340 | |\n | | | | CVE-2019-20794 | |\n | | | | CVE-2016-2781 | |\n | | | | CVE-2019-16232 | |\n | | | | CVE-2021-33061 | |\n | | | | CVE-2022-3628 | |\n | | | | CVE-2018-12928 | |\n | | | | CVE-2022-28735 | |\n | | | | CVE-2018-1121 | |\n | | | | CVE-2022-1462 | |\n | | | | CVE-2022-43552 | |\n | | | | CVE-2016-9800 | |\n | | | | CVE-2019-12378 | |\n | | | | CVE-2021-4149 | |\n | | | | CVE-2011-4915 | |\n | | | | CVE-2020-15802 | |\n | | | | CVE-2021-45940 | |\n | | | | CVE-2022-2153 | |\n | | | | CVE-2022-4543 | |\n | | | | CVE-2021-41229 | |\n | | | | CVE-2008-2544 | |\n | | | | CVE-2016-9802 | |\n | | | | CVE-2022-3606 | |\n | | | | CVE-2022-0400 | |\n | | | | CVE-2022-0319 | |\n | | | | CVE-2022-21505 | |\n | | | | CVE-2021-3733 | |\n | | | | CVE-2021-42373 | |\n | | | | CVE-2021-3695 | |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n \n\nAnd we can see that the APIs returned different detection results for the DSA/DLA bulletins. The intersection of the sets is empty.\n \n \n **Vulners \u2216 VulnsIO:** 3 {'DLA-3206-1', 'DSA-5287-1', 'DLA-3152-1'}\n **Vulners \u2229 VulnsIO:** 0 set()\n **VulnsIO \u2216 Vulners:** 4 {'DSA-5207-1', 'DSA-5235-1', 'DSA-5236-1', 'DSA-5251-1'}\n\nAt the same time, proofs look convincing at first glance. In this episode, I won't go into why there is such a difference in Debian vulnerability detection results. Perhaps the answer is in the operation of the API, and perhaps in the collection of data from the host. I think we will solve this with colleagues from Vulners and Vulns.io. I'm just pointing out again that vulnerability detection is not that easy and it's good when you can use several independent detection engines and compare the results.\n\n### Docker image \n\nNext, I check the vulnerabilities for the Docker image. It is also based on Debian 11.\n \n \n $ python3.8 scanvus.py --audit-service vulners --assessment-type \"docker_image\" --docker-image \"python:3.9.6-slim-bullseye\"\n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: docker_image\n docker_image: python:3.9.6-slim-bullseye\n Getting OS inventory data...\n os_name: debian\n os_version: 11\n package_list_len: 105\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for python:3.9.6-slim-bullseye (docker_image, debian 11, linux kernel 5.4.0-135-generic, 105 packages)\n 22 vulnerabilities with levels ['Critical', 'High', 'Medium'] were found\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | N | Level | Bulletin | CVE | Proof |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 1 | Critical | DEBIAN:DLA-2904-1:6B1FD | CVE-2021-45960 | libexpat1 2.2.10-2 amd64 < 2.2.10-2+deb11u1 |\n | | | | CVE-2021-46143 | |\n | | | | CVE-2022-22822 | |\n | | | | CVE-2022-22823 | |\n | | | | CVE-2022-22824 | |\n | | | | CVE-2022-22825 | |\n | | | | CVE-2022-22826 | |\n | | | | CVE-2022-22827 | |\n | | | | CVE-2022-23852 | |\n | | | | CVE-2022-23990 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 2 | Critical | DEBIAN:DLA-3008-1:E2717 | CVE-2022-1292 | libssl1.1 1.1.1k-1 amd64 < 1.1.1n-0+deb11u2 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1n-0+deb11u2 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 3 | Critical | DEBIAN:DSA-5073-1:5DBA9 | CVE-2021-45960 | libexpat1 2.2.10-2 amd64 < 2.2.10-2+deb11u1 |\n | | | | CVE-2021-46143 | |\n | | | | CVE-2022-22822 | |\n | | | | CVE-2022-22823 | |\n | | | | CVE-2022-22824 | |\n | | | | CVE-2022-22825 | |\n | | | | CVE-2022-22826 | |\n | | | | CVE-2022-22827 | |\n | | | | CVE-2022-23852 | |\n | | | | CVE-2022-23990 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 4 | Critical | DEBIAN:DSA-5139-1:0E208 | CVE-2022-1292 | libssl1.1 1.1.1k-1 amd64 < 1.1.1n-0+deb11u2 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1n-0+deb11u2 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 5 | Critical | DEBIAN:DSA-5169-1:87483 | CVE-2022-2068 | libssl1.1 1.1.1k-1 amd64 < 1.1.1n-0+deb11u3 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1n-0+deb11u3 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 6 | High | DEBIAN:DLA-2935-1:EEAAD | CVE-2022-23852 | libexpat1 2.2.10-2 amd64 < 2.2.10-2+deb11u1 |\n | | | | CVE-2022-25235 | |\n | | | | CVE-2022-25236 | |\n | | | | CVE-2022-25313 | |\n | | | | CVE-2022-25315 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 7 | High | DEBIAN:DLA-3022-1:26EFE | CVE-2022-1664 | dpkg 1.20.9 amd64 < 1.20.10 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 8 | High | DEBIAN:DLA-3152-1:9B676 | CVE-2016-10228 | libc-bin 2.31-13 amd64 < 2.31-13+deb11u3 |\n | | | | CVE-2019-19126 | libc6 2.31-13 amd64 < 2.31-13+deb11u3 |\n | | | | CVE-2019-25013 | |\n | | | | CVE-2020-10029 | |\n | | | | CVE-2020-1752 | |\n | | | | CVE-2020-27618 | |\n | | | | CVE-2020-6096 | |\n | | | | CVE-2021-27645 | |\n | | | | CVE-2021-3326 | |\n | | | | CVE-2021-33574 | |\n | | | | CVE-2021-35942 | |\n | | | | CVE-2021-3999 | |\n | | | | CVE-2022-23218 | |\n | | | | CVE-2022-23219 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 9 | High | DEBIAN:DSA-4963-1:90BFC | CVE-2021-3711 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n | | | | CVE-2021-3712 | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 10 | High | DEBIAN:DSA-4963-1:DA7BC | CVE-2021-3711 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n | | | | CVE-2021-3712 | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 11 | High | DEBIAN:DSA-5085-1:EC5E7 | CVE-2022-25235 | libexpat1 2.2.10-2 amd64 < 2.2.10-2+deb11u2 |\n | | | | CVE-2022-25236 | |\n | | | | CVE-2022-25313 | |\n | | | | CVE-2022-25314 | |\n | | | | CVE-2022-25315 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 12 | High | DEBIAN:DSA-5085-2:292DA | CVE-2022-25236 | libexpat1 2.2.10-2 amd64 < 2.2.10-2+deb11u3 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 13 | High | DEBIAN:DSA-5147-1:638F9 | CVE-2022-1664 | dpkg 1.20.9 amd64 < 1.20.10 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 14 | Medium | DEBIAN:DLA-2766-1:9EFDC | CVE-2021-3712 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 15 | Medium | DEBIAN:DLA-2771-1:D1964 | CVE-2018-20217 | libk5crypto3 1.18.3-6 amd64 < 1.18.3-6+deb11u1 |\n | | | | CVE-2018-5729 | libkrb5-3 1.18.3-6 amd64 < 1.18.3-6+deb11u1 |\n | | | | CVE-2018-5730 | libgssapi-krb5-2 1.18.3-6 amd64 < 1.18.3-6+deb11u1 |\n | | | | CVE-2021-37750 | libkrb5support0 1.18.3-6 amd64 < 1.18.3-6+deb11u1 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 16 | Medium | DEBIAN:DLA-2774-1:D8CE0 | CVE-2021-3712 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 17 | Medium | DEBIAN:DLA-2952-1:7651B | CVE-2019-1551 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n | | | | CVE-2022-0778 | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 18 | Medium | DEBIAN:DLA-2953-1:551CB | CVE-2022-0778 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 19 | Medium | DEBIAN:DLA-3206-1:5481E | CVE-2019-14870 | libk5crypto3 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-3671 | libkrb5-3 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-44758 | libgssapi-krb5-2 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-3437 | libkrb5support0 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-41916 | |\n | | | | CVE-2022-42898 | |\n | | | | CVE-2022-44640 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 20 | Medium | DEBIAN:DSA-5103-1:C47DD | CVE-2021-4160 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n | | | | CVE-2022-0778 | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 21 | Medium | DEBIAN:DSA-5174-1:32717 | CVE-2022-34903 | gpgv 2.2.27-2 amd64 < 2.2.27-2+deb11u2 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 22 | Medium | DEBIAN:DSA-5287-1:12BD4 | CVE-2021-3671 | libk5crypto3 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-44758 | libkrb5-3 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-3437 | libgssapi-krb5-2 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-41916 | libkrb5support0 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-42898 | |\n | | | | CVE-2022-44640 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n \n \n \n $ python3.8 scanvus.py --audit-service vulnsio --assessment-type \"docker_image\" --docker-image \"python:3.9.6-slim-bullseye\" \n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: docker_image\n docker_image: python:3.9.6-slim-bullseye\n Getting OS inventory data...\n os_name: debian\n os_version: 11\n package_list_len: 105\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for python:3.9.6-slim-bullseye (docker_image, debian 11, linux kernel 5.4.0-135-generic, 105 packages)\n 19 vulnerabilities with levels ['Critical', 'High', 'Medium'] were found\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | N | Level | Bulletin | CVE | Proof |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 1 | Critical | DSA-4963-1 | CVE-2021-3711 | libssl1.1-1.1.1k-1.amd64 < 0:1.1.1k-1+deb11u1 |\n | | | | CVE-2021-3712 | openssl-1.1.1k-1.amd64 < 0:1.1.1k-1+deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 2 | Critical | DSA-5073-1 | CVE-2022-23852 | libexpat1-2.2.10-2.amd64 < 0:2.2.10-2+deb11u1 |\n | | | | CVE-2022-23990 | |\n | | | | CVE-2021-46143 | |\n | | | | CVE-2022-22824 | |\n | | | | CVE-2022-22827 | |\n | | | | CVE-2021-45960 | |\n | | | | CVE-2022-22822 | |\n | | | | CVE-2022-22825 | |\n | | | | CVE-2022-22823 | |\n | | | | CVE-2022-22826 | |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 3 | Critical | DSA-5085-1 | CVE-2022-25236 | libexpat1-2.2.10-2.amd64 < 0:2.2.10-2+deb11u2 |\n | | | | CVE-2022-25314 | |\n | | | | CVE-2022-25235 | |\n | | | | CVE-2022-25315 | |\n | | | | CVE-2022-25313 | |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 4 | Critical | DSA-5139-1 | CVE-2022-1292 | libssl1.1-1.1.1k-1.amd64 < 0:1.1.1n-0+deb11u2 |\n | | | | | openssl-1.1.1k-1.amd64 < 0:1.1.1n-0+deb11u2 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 5 | Critical | DSA-5147-1 | CVE-2022-1664 | dpkg-1.20.9.amd64 < 0:1.20.10 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 6 | Critical | DSA-5169-1 | CVE-2022-2068 | libssl1.1-1.1.1k-1.amd64 < 0:1.1.1n-0+deb11u3 |\n | | | | | openssl-1.1.1k-1.amd64 < 0:1.1.1n-0+deb11u3 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 7 | Critical | DSA-5218-1 | CVE-2022-37434 | zlib1g-1:1.2.11.dfsg-2.amd64 < 1:1.2.11.dfsg-2+deb11u2 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 8 | Critical | DSA-5236-1 | CVE-2022-40674 | libexpat1-2.2.10-2.amd64 < 0:2.2.10-2+deb11u4 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 9 | Critical | no advisory | CVE-2022-23218 | libc-bin-2.31-13.amd64 < 0:2.31-13+deb11u3 |\n | | | | CVE-2022-46908 | libc6-2.31-13.amd64 < 0:2.31-13+deb11u3 |\n | | | | CVE-2019-1010022 | libdb5.3-5.3.28+dfsg1-0.8.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-23219 | libpcre2-8-0-10.36-2.amd64 < 0:10.36-2+deb11u1 |\n | | | | CVE-2019-8457 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-33574 | libtasn1-6-4.16.0-2.amd64 < 0:4.16.0-2+deb11u1 |\n | | | | CVE-2005-2541 | tar-1.34+dfsg-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1587 | |\n | | | | CVE-2022-1586 | |\n | | | | CVE-2021-46848 | |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 10 | High | DSA-5103-1 | CVE-2022-0778 | libssl1.1-1.1.1k-1.amd64 < 0:1.1.1k-1+deb11u2 |\n | | | | CVE-2021-4160 | openssl-1.1.1k-1.amd64 < 0:1.1.1k-1+deb11u2 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 11 | High | DSA-5111-1 | CVE-2018-25032 | zlib1g-1:1.2.11.dfsg-2.amd64 < 1:1.2.11.dfsg-2+deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 12 | High | DSA-5122-1 | CVE-2022-1271 | gzip-1.10-4.amd64 < 0:1.10-4+deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 13 | High | DSA-5123-1 | CVE-2022-1271 | liblzma5-5.2.5-2.amd64 < 0:5.2.5-2.1~deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 14 | High | DSA-5200-1 | CVE-2021-46828 | libtirpc-common-1.3.1-1.all < 0:1.3.1-1+deb11u1 |\n | | | | | libtirpc3-1.3.1-1.amd64 < 0:1.3.1-1+deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 15 | High | DSA-5203-1 | CVE-2022-2509 | libgnutls30-3.7.1-5.amd64 < 0:3.7.1-5+deb11u2 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 16 | High | no advisory | CVE-2022-29458 | e2fsprogs-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2018-6829 | libcom-err2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-43618 | libext2fs2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-20838 | libss2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-36690 | logsave-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-19882 | libc-bin-2.31-13.amd64 < 0:2.31-13+deb11u3 |\n | | | | CVE-2011-4116 | libc6-2.31-13.amd64 < 0:2.31-13+deb11u3 |\n | | | | CVE-2022-1304 | libexpat1-2.2.10-2.amd64 < 0:2.2.10-2+deb11u5 |\n | | | | CVE-2017-7246 | libgcrypt20-1.8.7-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2018-20796 | libgmp10-2:6.2.1+dfsg-1.amd64 < 2:6.2.1+dfsg-1+deb11u1 |\n | | | | CVE-2019-1010023 | libgssapi-krb5-2-1.18.3-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-39537 | libk5crypto3-1.18.3-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-16156 | libkrb5-3-1.18.3-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-43680 | libkrb5support0-1.18.3-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2018-5709 | libncursesw6-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-9192 | libtinfo6-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3999 | ncurses-base-6.2+20201114-2.all >= 0:0.0.0 |\n | | | | CVE-2017-7245 | ncurses-bin-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-11164 | libpcre3-2:8.39-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-35737 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-43396 | login-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-33560 | passwd-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | | perl-base-5.32.1-4+deb11u1.amd64 >= 0:0.0.0 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 17 | Medium | DSA-5055-1 | CVE-2021-3996 | bsdutils-1:2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | CVE-2021-3995 | libblkid1-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | | libmount1-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | | libsmartcols1-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | | libuuid1-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | | mount-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | | util-linux-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 18 | Medium | DSA-5174-1 | CVE-2022-34903 | gpgv-2.2.27-2.amd64 < 0:2.2.27-2+deb11u2 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 19 | Medium | no advisory | CVE-2022-2097 | bash-5.1-2+b3.amd64 >= 0:0.0.0 |\n | | | | CVE-2013-4235 | bsdutils-1:2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-1010024 | libblkid1-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2010-0928 | libmount1-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4209 | libsmartcols1-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-2781 | libuuid1-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-16231 | mount-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-42898 | util-linux-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-18018 | coreutils-8.32-4+b1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45346 | libc-bin-2.31-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-37750 | libc6-2.31-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2007-6755 | libexpat1-2.2.10-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2010-4756 | libgnutls30-3.7.1-5.amd64 >= 0:0.0.0 |\n | | | | CVE-2013-0340 | libgssapi-krb5-2-1.18.3-6.amd64 < 0:1.18.3-6+deb11u1 |\n | | | | CVE-2021-3997 | libk5crypto3-1.18.3-6.amd64 < 0:1.18.3-6+deb11u1 |\n | | | | CVE-2011-3389 | libkrb5-3-1.18.3-6.amd64 < 0:1.18.3-6+deb11u1 |\n | | | | CVE-2022-3715 | libkrb5support0-1.18.3-6.amd64 < 0:1.18.3-6+deb11u1 |\n | | | | CVE-2022-0563 | libpcre3-2:8.39-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-13529 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-4415 | libssl1.1-1.1.1k-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-1010025 | openssl-1.1.1k-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2007-5686 | libsystemd0-247.3-6.amd64 < 0:247.3-7 |\n | | | | | libudev1-247.3-6.amd64 < 0:247.3-7 |\n | | | | | login-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | | passwd-1:4.8.1-1.amd64 >= 0:0.0.0 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n \n\nIn this case, more vulnerabilities were detected. We can also see a big difference in the results, but there is already some intersection of the sets.\n \n \n **Vulners \u2216 VulnsIO:** 13 {'DSA-5287-1', 'DLA-2771-1', 'DLA-2904-1', 'DLA-3022-1', 'DLA-3206-1', 'DLA-2766-1', 'DLA-2935-1', 'DLA-2774-1', 'DLA-3008-1', 'DLA-3152-1', 'DLA-2953-1', 'DSA-5085-2', 'DLA-2952-1'}\n **Vulners \u2229 VulnsIO:** 8 {'DSA-5147-1', 'DSA-5073-1', 'DSA-5174-1', 'DSA-4963-1', 'DSA-5169-1', 'DSA-5139-1', 'DSA-5085-1', 'DSA-5103-1'}\n **VulnsIO \u2216 Vulners:** 8 {'DSA-5111-1', 'DSA-5055-1', 'DSA-5123-1', 'DSA-5122-1', 'DSA-5236-1', 'DSA-5203-1', 'DSA-5218-1', 'DSA-5200-1'}\n\nWe can look at one bulletin that was detected by two APIs.\n\nVulners:\n \n \n | 13 | High | DEBIAN:DSA-5147-1:638F9 | CVE-2022-1664 | dpkg 1.20.9 amd64 < 1.20.10 |\n\nVulns.io:\n \n \n | 5 | Critical | DSA-5147-1 | CVE-2022-1664 | dpkg-1.20.9.amd64 < 0:1.20.10 |\n\nAs you can see from the proofs, the detection criteria are the same. And this is good. I would also like to draw attention to the different values of the criticality level for the bulletin. [Debian does not provide](<https://www.debian.org/security/2022/dsa-5147>) a this criticality level, apparently it is calculated by the vendors based on CVSS, but in different ways. \n\n## What's next?\n\nAs we can see, support for the Vulners.com and Vulns.io APIs in Scanvus opens up new opportunities for testing the correctness of the detection for all supported Linux distributions.\n\nCurrently, support for the Vulners.com API and support for the Vulns.io API are implemented equally, but they are implemented independently. The bash inventory scripts for each of the APIs are different. Two independent reporting functions are also used. It seems right to **unify the inventory script** so that the same inventory results can be checked with Vulners.com and Vulns.io. It also seems right to create a **single format for presenting detection results** and convert raw results from APIs into this format. This format could be used for reporting and further integrations. In this way, it will be possible to debug the scheme for adding new APIs to Scanvus.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-12-30T18:03:13", "type": "avleonov", "title": "Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0230", "CVE-2005-2541", "CVE-2005-3660", "CVE-2007-2243", "CVE-2007-2768", "CVE-2007-5686", "CVE-2007-6755", "CVE-2008-2544", "CVE-2008-3234", "CVE-2008-4609", "CVE-2008-4677", "CVE-2008-4996", "CVE-2008-5135", "CVE-2008-5366", "CVE-2008-5367", "CVE-2010-0928", "CVE-2010-4563", "CVE-2010-4756", "CVE-2010-5321", "CVE-2011-3389", "CVE-2011-4116", "CVE-2011-4915", "CVE-2011-4916", "CVE-2011-4917", "CVE-2012-0039", "CVE-2012-2663", "CVE-2012-4542", "CVE-2013-0340", "CVE-2013-4235", "CVE-2013-7445", "CVE-2014-9892", "CVE-2014-9900", "CVE-2015-20107", "CVE-2015-3243", "CVE-2015-3276", "CVE-2016-10228", "CVE-2016-10723", "CVE-2016-1585", "CVE-2016-20012", "CVE-2016-2568", "CVE-2016-2781", "CVE-2016-3709", "CVE-2016-8660", "CVE-2016-9797", "CVE-2016-9798", "CVE-2016-9799", "CVE-2016-9800", "CVE-2016-9801", "CVE-2016-9802", "CVE-2016-9803", "CVE-2016-9804", "CVE-2016-9917", "CVE-2016-9918", "CVE-2017-0630", "CVE-2017-1000382", "CVE-2017-11164", "CVE-2017-13084", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-14159", "CVE-2017-15131", "CVE-2017-16231", "CVE-2017-17740", "CVE-2017-18018", "CVE-2017-7245", "CVE-2017-7246", "CVE-2018-1000500", "CVE-2018-1121", "CVE-2018-12928", "CVE-2018-15919", "CVE-2018-17977", "CVE-2018-20217", "CVE-2018-20796", "CVE-2018-25032", "CVE-2018-5709", "CVE-2018-5729", "CVE-2018-5730", "CVE-2018-6829", "CVE-2018-7738", "CVE-2019-1010022", "CVE-2019-1010023", "CVE-2019-1010024", "CVE-2019-1010025", "CVE-2019-12378", "CVE-2019-12379", "CVE-2019-12380", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-12455", "CVE-2019-12456", "CVE-2019-14870", "CVE-2019-15213", "CVE-2019-15232", "CVE-2019-1551", "CVE-2019-15794", "CVE-2019-16089", "CVE-2019-16229", "CVE-2019-16230", "CVE-2019-16231", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-19070", "CVE-2019-19126", "CVE-2019-19378", "CVE-2019-19449", "CVE-2019-19814", "CVE-2019-19882", "CVE-2019-20794", "CVE-2019-20838", "CVE-2019-25013", "CVE-2019-5062", "CVE-2019-6110", "CVE-2019-6129", "CVE-2019-8457", "CVE-2019-9192", "CVE-2020-0347", "CVE-2020-10029", "CVE-2020-11725", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-12389", "CVE-2020-12390", "CVE-2020-13529", "CVE-2020-13576", "CVE-2020-14145", "CVE-2020-14304", "CVE-2020-15719", "CVE-2020-15778", "CVE-2020-15802", "CVE-2020-16156", "CVE-2020-1752", "CVE-2020-24504", "CVE-2020-26140", "CVE-2020-26142", "CVE-2020-26143", "CVE-2020-26555", "CVE-2020-26557", "CVE-2020-26559", "CVE-2020-26560", "CVE-2020-26972", "CVE-2020-27618", "CVE-2020-27619", "CVE-2020-36325", "CVE-2020-36516", "CVE-2020-6096", "CVE-2021-21240", "CVE-2021-21783", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-26934", "CVE-2021-27645", "CVE-2021-28831", "CVE-2021-28861", "CVE-2021-29462", "CVE-2021-29921", "CVE-2021-30004", "CVE-2021-30475", "CVE-2021-31879", "CVE-2021-32078", "CVE-2021-33061", "CVE-2021-3326", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3468", "CVE-2021-3502", "CVE-2021-35942", "CVE-2021-3658", "CVE-2021-3669", "CVE-2021-36690", "CVE-2021-3671", "CVE-2021-3695", "CVE-2021-3696", "CVE-2021-3697", "CVE-2021-3711", "CVE-2021-3712", "CVE-2021-3714", "CVE-2021-3733", "CVE-2021-3737", "CVE-2021-3759", "CVE-2021-3773", "CVE-2021-37750", "CVE-2021-38185", "CVE-2021-3847", "CVE-2021-3864", "CVE-2021-3872", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-39537", "CVE-2021-3968", "CVE-2021-39686", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-3984", "CVE-2021-3995", "CVE-2021-3996", "CVE-2021-3997", "CVE-2021-3999", "CVE-2021-4019", "CVE-2021-4023", "CVE-2021-4037", "CVE-2021-4069", "CVE-2021-4115", "CVE-2021-41229", "CVE-2021-4136", "CVE-2021-4149", "CVE-2021-4160", "CVE-2021-41617", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2021-4189", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-4204", "CVE-2021-4209", "CVE-2021-4214", "CVE-2021-42373", "CVE-2021-42374", "CVE-2021-42375", "CVE-2021-42376", "CVE-2021-42377", "CVE-2021-42378", "CVE-2021-42379", "CVE-2021-42380", "CVE-2021-42381", "CVE-2021-42382", "CVE-2021-42383", "CVE-2021-42384", "CVE-2021-42385", "CVE-2021-42386", "CVE-2021-43396", "CVE-2021-43400", "CVE-2021-43618", "CVE-2021-44758", "CVE-2021-44879", "CVE-2021-45346", "CVE-2021-45940", "CVE-2021-45941", "CVE-2021-45951", "CVE-2021-45952", "CVE-2021-45953", "CVE-2021-45954", "CVE-2021-45955", "CVE-2021-45956", "CVE-2021-45957", "CVE-2021-45960", "CVE-2021-46143", "CVE-2021-46828", "CVE-2021-46848", "CVE-2022-0156", "CVE-2022-0171", "CVE-2022-0204", "CVE-2022-0213", "CVE-2022-0261", "CVE-2022-0318", "CVE-2022-0319", "CVE-2022-0351", "CVE-2022-0359", "CVE-2022-0361", "CVE-2022-0368", "CVE-2022-0391", "CVE-2022-0392", "CVE-2022-0393", "CVE-2022-0400", "CVE-2022-0407", "CVE-2022-0408", "CVE-2022-0413", "CVE-2022-0417", "CVE-2022-0443", "CVE-2022-0480", "CVE-2022-0500", "CVE-2022-0554", "CVE-2022-0563", "CVE-2022-0572", "CVE-2022-0629", "CVE-2022-0685", "CVE-2022-0696", "CVE-2022-0714", "CVE-2022-0729", "CVE-2022-0778", "CVE-2022-0934", "CVE-2022-0943", "CVE-2022-1154", "CVE-2022-1184", "CVE-2022-1247", "CVE-2022-1253", "CVE-2022-1271", "CVE-2022-1280", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1420", "CVE-2022-1462", "CVE-2022-1586", "CVE-2022-1587", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1621", "CVE-2022-1629", "CVE-2022-1664", "CVE-2022-1674", "CVE-2022-1679", "CVE-2022-1720", "CVE-2022-1733", "CVE-2022-1735", "CVE-2022-1769", "CVE-2022-1771", "CVE-2022-1785", "CVE-2022-1796", "CVE-2022-1851", "CVE-2022-1882", "CVE-2022-1886", "CVE-2022-1897", "CVE-2022-1898", "CVE-2022-1927", "CVE-2022-1942", "CVE-2022-1968", "CVE-2022-2000", "CVE-2022-2042", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-21505", "CVE-2022-2153", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2231", "CVE-2022-2257", "CVE-2022-2264", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2289", "CVE-2022-2304", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23303", "CVE-2022-23304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-23852", "CVE-2022-23990", "CVE-2022-24791", "CVE-2022-2509", "CVE-2022-2522", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25265", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-25315", "CVE-2022-2571", "CVE-2022-2581", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-2598", "CVE-2022-2602", "CVE-2022-26373", "CVE-2022-2795", "CVE-2022-2816", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-28391", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2873", "CVE-2022-28733", "CVE-2022-28734", "CVE-2022-28735", "CVE-2022-28736", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2928", "CVE-2022-2929", "CVE-2022-29458", "CVE-2022-2946", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-30065", "CVE-2022-3061", "CVE-2022-3080", "CVE-2022-3176", "CVE-2022-31782", "CVE-2022-3297", "CVE-2022-33070", "CVE-2022-3344", "CVE-2022-3424", "CVE-2022-3437", "CVE-2022-34903", "CVE-2022-3491", "CVE-2022-3534", "CVE-2022-3542", "CVE-2022-35737", "CVE-2022-3586", "CVE-2022-3606", "CVE-2022-3628", "CVE-2022-36879", "CVE-2022-36946", "CVE-2022-3707", "CVE-2022-3715", "CVE-2022-37434", "CVE-2022-37454", "CVE-2022-3775", "CVE-2022-38177", "CVE-2022-38178", "CVE-2022-3857", "CVE-2022-40674", "CVE-2022-4095", "CVE-2022-4139", "CVE-2022-41916", "CVE-2022-42328", "CVE-2022-42329", "CVE-2022-42898", "CVE-2022-42919", "CVE-2022-43551", "CVE-2022-43552", "CVE-2022-43680", "CVE-2022-4378", "CVE-2022-4415", "CVE-2022-44640", "CVE-2022-4543", "CVE-2022-4662", "CVE-2022-46908"], "modified": "2022-12-30T18:03:13", "id": "AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987", "href": "https://avleonov.com/2022/12/30/scanvus-now-supports-vulners-and-vulns-io-vm-linux-vulnerability-detection-apis/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}