Jun 08, 2021 - 12:00 a.m.

CVE-2020-26558

ubuntu.com

CVSS3: 4.2 Medium

Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS2: 4.3 Medium

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.001 Low
Percentile: 27.6%

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1
through 5.2 may permit a nearby man-in-the-middle attacker to identify the
Passkey used during pairing (in the Passkey authentication procedure) by
reflection of the public key and the authentication evidence of the
initiating device, potentially permitting this attacker to complete
authenticated pairing with the responding device using the correct Passkey
for the pairing session. The attack methodology determines the Passkey
value one bit at a time.

Notes

| Author | Note |
| --- | --- |
| alexmurray | Affects bluez versions prior to 5.57 and 5.58 |
| mdeslaur | There is a kernel fix, and a userspace fix |

| OS | OS Version | Architecture | Package | Package Version | Filename |
| --- | --- | --- | --- | --- | --- |
| ubuntu | 18.04 | noarch | linux | < 4.15.0-151.157 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < 5.4.0-80.90 | UNKNOWN |
| ubuntu | 21.04 | noarch | linux | < 5.11.0-31.33 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux | < 4.4.0-219.252 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-azure-4.15 | < 4.15.0-1121.134 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-azure-5.4 | < 5.4.0-1055.57~18.04.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-dell300x | < 4.15.0-1027.32 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-gcp | < 5.4.0-1049.53 | UNKNOWN |
| ubuntu | 21.04 | noarch | linux-gcp | < 5.11.0-1017.19 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-gcp | < 4.15.0-1106.120~16.04.1 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |