Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20200805-01-BLUETOOTH
HistoryAug 05, 2020 - 12:00 a.m.

Security Advisory - Improper Authentication Vulnerability in Bluetooth Affect Several Huawei Products

2020-08-0500:00:00
Huawei Technologies
www.huawei.com
162

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

46.4%

There is an improper authentication vulnerability in Bluetooth affect several Huawei products. Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. (Vulnerability ID: HWPSIRT-2020-04109)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-10135.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-bluetooth-en

Affected configurations

Vulners
Node
huaweiares-al00bRange<9.1.0.165
OR
huaweiares-al10dRange<9.1.0.165
OR
huaweicolumbia-al10bRange<9.1.0.333
OR
huaweicolumbia-al10iRange<9.1.0.335
OR
huaweicolumbia-l29dRange<9.1.0.352
OR
huaweicolumbia-l29dRange<9.1.0.355
OR
huaweicornell-al00indRange<9.1.0.336
OR
huaweicornell-tl10bRange<9.1.0.336
OR
huaweidura-al00aRange<1.0.0.190
OR
huaweidura-tl00aRange<1.0.0.184
OR
huaweidura-al00aRange<1.0.0.182
OR
huaweihonor_20Range<9.1.0.149
OR
huaweihonor_20_proRange<9.1.0.170
OR
huaweihonor_20_proRange<9.1.0.171
OR
huaweihonor_20_proRange<9.1.0.172
OR
huaweimate_20Range<10.0.0.185
OR
huaweimate_20Range<10.0.0.185
OR
huaweimate_20_proRange<10.0.0.180
OR
huaweimate_20_proRange<10.0.0.180
OR
huaweimate_20_proRange<10.0.0.180
OR
huaweimate_20_proRange<10.0.0.187
OR
huaweimate_20_xRange<10.0.0.185
OR
huaweimate_20_xRange<10.0.0.185
OR
huaweip30Range<10.0.0.168
OR
huaweip30Range<10.0.0.168
OR
huaweip30Range<10.0.0.168
OR
huaweip30Range<10.0.0.168
OR
huaweip30Range<10.0.0.168
OR
huaweip30Range<10.0.0.168
OR
huaweip30Range<10.0.0.168
OR
huaweip30Range<10.0.0.173
OR
huaweip30Range<10.0.0.178
OR
huaweip30Range<10.0.0.178
OR
huaweip30Range<10.0.0.187
OR
huaweip30_proRange<10.0.0.185
OR
huaweip30_proRange<10.0.0.185
OR
huaweiy5_2018Range<1.0.0.148
OR
huaweinova_3Range<9.1.0.336
OR
huaweinova_4Range<10.0.0.160
OR
huaweihonor_7aRange<1.0.0.149
OR
huaweihonor_view_20Range<9.1.0.257
OR
huaweihonor_view_20Range<9.1.0.260
OR
huaweikatyusha-al00aRange<9.1.0.156
OR
huaweilaya-al00epRange<10.0.0.185
OR
huaweiparis-al00icRange<9.1.0.349
OR
huaweiprinceton-al10dRange<9.1.0.248
OR
huaweiprinceton-tl10cRange<10.0.0.189
OR
huaweisydney-al00Range<9.1.0.221
OR
huaweisydneym-al00Range<9.1.0.233
OR
huaweitony-al00bRange<10.0.0.189
OR
huaweitony-tl00bRange<10.0.0.189
OR
huaweiyale-al00aRange<9.1.0.179
OR
huaweiyale-al50aRange<9.1.1.158
OR
huaweiyale-l21aRange<9.1.0.170
OR
huaweiyale-l21aRange<9.1.0.171
OR
huaweiyale-l21aRange<9.1.0.172
OR
huaweiyale-l61aRange<10.0.0.197
OR
huaweiyale-l61aRange<10.0.0.197
OR
huaweiyale-tl00bRange<9.1.0.179
OR
huaweiyalep-al10bRange<9.1.0.179

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

46.4%