CVSS v3.1 base score: 5.9 Medium (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
Attack Vector: Network; Attack Complexity: High; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: None; Integrity Impact: High; Availability Impact: None

CVSS v2 base score: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Access Vector: Network; Access Complexity: Medium; Authentication: None; Confidentiality Impact: None; Integrity Impact: Partial; Availability Impact: None

EPSS: 0.001 (Low), percentile 30.9%
Devices supporting both Bluetooth BR/EDR and LE that use Cross-Transport Key Derivation (CTKD) for pairing are vulnerable to key overwrite. By reducing the encryption key strength, or by overwriting an authenticated key with an unauthenticated one, an attacker can gain additional access to profiles or services that are not otherwise restricted. This vulnerability is being referred to as BLURtooth.
As detailed in both the Bluetooth Core Specification versions 4.2 and 5.0, Bluetooth CTKD can be used for pairing by devices that support both Low Energy (BLE) and Basic Rate/Enhanced Data Rate (BR/EDR) transports, known as "dual-mode" devices. CTKD allows such devices to pair once over either transport and derive both the BR/EDR Link Key (LK) and the LE Long Term Key (LTK) from that single pairing, without pairing a second time. Dual-mode devices that use CTKD to generate an LTK or LK are able to overwrite the original LTK or LK even in cases where that transport was enforcing a higher level of security.
Several potential attacks could be performed by exploiting CVE-2020-15802, including a Man in the Middle (MITM) attack. The vulnerability is being referred to as BLURtooth and the group of attacks is being referred to as the BLUR attacks. Vulnerable devices must permit a pairing or bonding to proceed transparently with no authentication, or a weak key strength, on at least one of the BR/EDR or LE transports in order to be susceptible to attack. For example, it may be possible to pair with certain devices using JustWorks pairing over BR/EDR or LE and overwriting an existing LTK or LK on the other transport. When this results in the reduction of encryption key strength or the overwrite of an authenticated key with an unauthenticated key, an attacker could gain additional access to profiles or services that are not otherwise restricted.
The Bluetooth SIG has released recommendations for mitigating this issue that include additional conformance tests to ensure that the overwrite of an authenticated key or a key of a given length with an unauthenticated key or a key of reduced length is not permitted in devices supporting Bluetooth Core Specification version 5.1 or greater. They also recommend that potentially vulnerable implementations introduce the restrictions on CTKD mandated in Bluetooth Core Specification versions 5.1 and later. Implementations should disallow overwrite of the LTK or LK for one transport with the LTK or LK derived from the other when this overwrite would result in either a reduction of the key strength of the original bonding or a reduction in the MITM protection of the original bonding (from authenticated to unauthenticated). This may require that the host track the negotiated length and authentication status of the keys in the Bluetooth security database.
The Bluetooth SIG further recommends that devices restrict when they are pairable on either transport to times when user interaction places the device into a pairable mode or when the device has no bonds or existing connections to a paired device. In all cases, it is recommended that devices restrict the duration of pairing mode and overwrite an existing bonding only when devices are explicitly in pairing mode.
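As an added example, not code from the Bluetooth SIG, CERT/CC or any vendor stack, the following C sketch shows the host-side checks the two recommendations above describe: a security database that records the negotiated key length and authentication status per transport, an overwrite policy that refuses to let a CTKD-derived key weaken an existing bond, and a store path that only replaces an existing key while the device is explicitly in pairing mode. The record layout, function names and the placeholder derivation are assumptions; a legacy unconditional store is included only to contrast with the downgrade the hardened path refuses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical host security-database records; not BlueZ, Zephyr or any vendor stack. */
typedef enum { TRANSPORT_BREDR = 0, TRANSPORT_LE = 1 } transport_t;

typedef struct {
    bool    present;        /* a key for this transport is stored */
    uint8_t key[16];        /* Link Key (BR/EDR) or Long Term Key (LE) */
    uint8_t key_len;        /* negotiated encryption key size in octets (7..16) */
    bool    authenticated;  /* pairing had MITM protection, i.e. was not Just Works */
} bond_key_t;

typedef struct {
    bond_key_t key[2];      /* indexed by transport_t */
    bool       pairing_mode;/* user explicitly put the device into pairable mode */
} bond_t;

bond_key_t make_key(uint8_t fill, uint8_t key_len, bool authenticated)
{
    bond_key_t k = { .present = true, .key_len = key_len, .authenticated = authenticated };
    memset(k.key, fill, sizeof k.key);
    return k;
}

/* CTKD output for the other transport. The Core Specification's h6/h7 AES-CMAC derivation
 * is not reproduced (key bytes are placeholders); what matters for the policy is that the
 * derived key inherits the key size and authentication status of the pairing it came from. */
bond_key_t ctkd_derive_for_other_transport(const bond_key_t *from)
{
    bond_key_t k = *from;
    for (size_t i = 0; i < sizeof k.key; i++)
        k.key[i] ^= 0x5A;                                 /* placeholder, not h6/h7 */
    return k;
}

/* Core Specification 5.1+ restriction: a CTKD-derived key may not weaken an existing bond. */
bool ctkd_may_overwrite(const bond_key_t *existing, const bond_key_t *derived)
{
    if (!existing->present)
        return true;                                      /* nothing to downgrade */
    if (derived->key_len < existing->key_len)
        return false;                                     /* key-strength reduction */
    if (existing->authenticated && !derived->authenticated)
        return false;                                     /* authenticated -> unauthenticated */
    return true;
}

/* Hardened store: replace an existing key only in pairing mode and only if the policy allows. */
bool ctkd_store_hardened(bond_t *bond, transport_t target, const bond_key_t *derived)
{
    bond_key_t *slot = &bond->key[target];
    if ((slot->present && !bond->pairing_mode) || !ctkd_may_overwrite(slot, derived))
        return false;
    *slot = *derived;
    return true;
}

/* Legacy behaviour the advisory describes: the CTKD result replaces whatever was stored. */
void ctkd_store_legacy(bond_t *bond, transport_t target, const bond_key_t *derived)
{
    bond->key[target] = *derived;
}

/* BLUR-style downgrade: the LE LTK came from an authenticated 16-octet pairing; an attacker
 * then pairs Just Works over BR/EDR (attacker_len octets) while the device is pairable and
 * CTKD derives an LTK from that Link Key. Returns the LE key record afterwards. */
bond_key_t le_ltk_after_justworks_bredr(bool hardened, uint8_t attacker_len)
{
    bond_t bond = { .pairing_mode = true };               /* worst case: device is pairable */
    bond.key[TRANSPORT_LE] = make_key(0x11, 16, true);
    bond_key_t attacker_lk = make_key(0xAA, attacker_len, false);
    bond_key_t derived_ltk = ctkd_derive_for_other_transport(&attacker_lk);
    if (hardened)
        ctkd_store_hardened(&bond, TRANSPORT_LE, &derived_ltk);
    else
        ctkd_store_legacy(&bond, TRANSPORT_LE, &derived_ltk);
    return bond.key[TRANSPORT_LE];
}

/* Pairing-mode rule: even an acceptable key must not replace a bond unless the user
 * explicitly made the device pairable. Returns whether the store was accepted. */
bool overwrite_accepted_outside_pairing_mode(void)
{
    bond_t bond = { .pairing_mode = false };
    bond.key[TRANSPORT_BREDR] = make_key(0x22, 16, true);
    bond_key_t good = make_key(0x33, 16, true);
    return ctkd_store_hardened(&bond, TRANSPORT_BREDR, &good);
}

int main(void)
{
    bond_key_t legacy = le_ltk_after_justworks_bredr(false, 7);
    bond_key_t hard = le_ltk_after_justworks_bredr(true, 7);
    printf("legacy:   LE LTK authenticated=%d key_len=%u\n", legacy.authenticated, (unsigned)legacy.key_len);
    printf("hardened: LE LTK authenticated=%d key_len=%u\n", hard.authenticated, (unsigned)hard.key_len);
    return 0;
}
```

With the legacy store, a Just Works BR/EDR pairing negotiated down to a 7-octet Link Key silently replaces the authenticated 16-octet LE LTK; the hardened store rejects it on both counts (shorter key, loss of MITM protection), and also rejects an otherwise acceptable key when the device is not in pairing mode. A real host would persist `key_len` and `authenticated` alongside the key bytes in its bonding storage, since the policy cannot be evaluated without them.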
Thanks to the reporter who wishes to remain anonymous.
This document was written by Madison Oliver.
VU#589825
| Vendor | Status | Notified | Updated | Statement Date | Vendor Statement |
|---|---|---|---|---|---|
| | Affected | 2020-06-09 | 2020-09-09 | | We have not received a statement from the vendor. |
| Arista | Not Affected | 2020-08-28 | 2021-02-05 | 2021-01-22 | Arista products do not use Bluetooth and are hence not affected. |
| | Not Affected | 2020-08-28 | 2020-09-23 | 2020-09-16 | We have not received a statement from the vendor. |
| Belden | Not Affected | 2020-08-28 | 2020-09-09 | 2020-08-31 | Belden devices do not support Bluetooth and are not affected by this vulnerability. |
| Broadcom (Brocade) | Not Affected | 2020-08-28 | 2020-09-23 | 2020-09-15 | No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability. |
| | Not Affected | 2020-08-28 | 2020-09-11 | 2020-09-10 | We have not received a statement from the vendor. |
| F5 | Not Affected | 2020-08-28 | 2020-09-09 | 2020-09-01 | F5 products do not include/support Bluetooth. |
| | Not Affected | 2020-08-28 | 2020-09-23 | 2020-09-11 | We have not received a statement from the vendor. |
| | Not Affected | 2021-02-15 | 2021-02-16 | 2021-02-16 | We have not received a statement from the vendor. |
| | Not Affected | 2020-08-28 | 2020-09-09 | 2020-08-28 | We have not received a statement from the vendor. |
| | Not Affected | 2020-08-28 | 2020-09-09 | 2020-08-31 | We have not received a statement from the vendor. |
| | Not Affected | 2020-08-28 | 2020-09-11 | 2020-09-10 | Based on our investigation we confirm that there are no platforms/products which are affected by these vulnerabilities. |
| Microchip | Not Affected | 2020-08-28 | 2020-09-09 | 2020-09-07 | Microchip Bluetooth Dual Mode solutions do NOT implement Cross-Transport Key Derivation (CTKD); Microchip solutions are NOT affected by the BLURtooth vulnerability. |
| | Not Affected | 2020-08-28 | 2020-09-09 | 2020-08-28 | We have not received a statement from the vendor. |
| | Not Affected | 2020-08-28 | 2020-09-29 | 2020-09-29 | We have not received a statement from the vendor. |
| | Not Affected | 2020-08-28 | 2020-10-14 | 2020-10-14 | We have not received a statement from the vendor. |
| VMware | Not Affected | 2020-08-28 | 2020-09-23 | 2020-09-14 | VMware is not affected by the above issues directly. |
| | Not Affected | 2020-08-28 | 2020-09-09 | 2020-09-09 | We have not received a statement from the vendor. |
| | Not Affected | 2020-08-28 | 2020-10-15 | 2020-10-14 | We have not received a statement from the vendor. |
| Zyxel | Not Affected | 2020-08-28 | 2020-09-09 | 2020-09-09 | Zyxel products are NOT affected either because they don't support Cross Transport Key Derivation or do not support Bluetooth at all. |
| | Not Affected | 2020-08-28 | 2020-09-25 | 2020-09-25 | We have not received a statement from the vendor. |
| 95 further vendors | Unknown | 2020-08-28 | 2020-09-09 | | We have not received a statement from the vendor. |
| | Unknown | 2020-10-02 | 2020-10-14 | | We have not received a statement from the vendor. |
| | Unknown | | 2020-09-09 | | We have not received a statement from the vendor. |

118 vendors in total: 1 Affected, 20 Not Affected, 97 Unknown. Vendor names are blank where the vendor is not identified on this page.
CVE IDs: CVE-2020-15802
Date Public: 2020-09-09
Date First Published: