**Lenovo Security Advisory:**LEN-51734
**Potential Impact:**Information disclosure, privilege escalation
**Severity:**Medium
**Scope of Impact:**Industry-wide
**CVE Identifier:**CVE-2020-26555, CVE- 2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560
Summary Description:
As reported in CERT Coordination Center (CERT/CC) Vulnerability Note VU#799380, devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.
Mitigation Strategy for Customers (what you should do to protect yourself):
The Bluetooth SIG recommends users have installed the latest recommended updates from device and operating system manufacturers.
For device updates, update to the version (or later) indicated in the Product Impact section below.
For operating system updates, Lenovo recommends that you contact the vendor of your operating system.
Additional mitigation guidance for each vulnerability has been provided by the Bluetooth SIG, which can be found in VU#799380 and in the Bluetooth SIG Security Notices.