Lucene search

K
lenovoLenovoLENOVO:PS500415-NOSID
HistoryJun 08, 2021 - 1:15 a.m.

Multiple Bluetooth Core Specification Vulnerabilities - Lenovo Support NL

2021-06-0801:15:10
support.lenovo.com
40
lenovo
bluetooth
vulnerabilities
information disclosure
privilege escalation
medium severity
industry-wide impact
cve-2020-26555
cve-2020-26556
cve-2020-26557
cve-2020-26558
cve-2020-26559
cve-2020-26560
impersonation attacks
authvalue disclosure
mitigation strategy
updates
operating system
bluetooth sig
security notices

EPSS

0.001

Percentile

32.5%

**Lenovo Security Advisory:**LEN-51734

**Potential Impact:**Information disclosure, privilege escalation

**Severity:**Medium

**Scope of Impact:**Industry-wide

**CVE Identifier:**CVE-2020-26555, CVE- 2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560

Summary Description:

As reported in CERT Coordination Center (CERT/CC) Vulnerability Note VU#799380, devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.

Mitigation Strategy for Customers (what you should do to protect yourself):

The Bluetooth SIG recommends users have installed the latest recommended updates from device and operating system manufacturers.

For device updates, update to the version (or later) indicated in the Product Impact section below.

For operating system updates, Lenovo recommends that you contact the vendor of your operating system.

Additional mitigation guidance for each vulnerability has been provided by the Bluetooth SIG, which can be found in VU#799380 and in the Bluetooth SIG Security Notices.