Lucene search

MitreCVE-2020-35473

HistoryNov 08, 2022 - 6:15 a.m.

CVE-2020-35473

2022-11-0806:15:09

CWE-294

CWE-203

mitre

web.nvd.nist.gov

cve

bluetooth

vulnerability

leakage

core specifications

rpa

info

security

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

22.1%

JSON

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.

Affected configurations

Nvd

Node

bluetoothbluetooth_core_specificationRange4.0–5.2

VendorProductVersionCPE
bluetoothbluetooth_core_specification*cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bluetooth	bluetooth_core_specification	*	cpe:2.3:a:bluetooth:bluetooth_core_specification::::::::

References

dl.acm.org/doi/10.1145/3548606.3559372

www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html

Social References

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

22.1%

JSON

Related for CVE-2020-35473