Lucene search

Redhat.comRH:CVE-2020-9770

HistorySep 24, 2020 - 3:46 a.m.

CVE-2020-9770

2020-09-2403:46:26

redhat.com

access.redhat.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

15.8%

JSON

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.

Mitigation

Bluetooth Low Energy can be disabled altogether if it is not required, using the configuration below. This will prevent BLE devices from connecting with the host, disabling this attack

ControllerMode=bredr

References

bugzilla.redhat.com/show_bug.cgi?id=1879820

nvd.nist.gov/vuln/detail/CVE-2020-9770

www.cve.org/CVERecord?id=CVE-2020-9770

www.usenix.org/system/files/woot20-paper-wu-updated.pdf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

15.8%

JSON

Related for RH:CVE-2020-9770