PT-2021-11245 · Bluetooth Special Interest · Bluetooth Core Specification

Published: 2021-05-24 · Updated: 2024-12-19 · CVE-2020-26555

CVSS v3.1: 5.4 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Bluetooth Core Specification versions 1.0B through 5.2
Description: The issue allows an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN, potentially permitting unauthorized access. This is related to Bluetooth legacy BR/EDR PIN code pairing.
Recommendations: For Bluetooth Core Specification versions 1.0B through 5.2, consider disabling Bluetooth legacy BR/EDR PIN code pairing until a patch or fix is available to prevent unauthorized pairing. Restrict access to sensitive devices and data when using Bluetooth in these versions to minimize the risk of exploitation.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

ALSA-2024:2394
ALSA-2024:4211
ALSA-2024:4352
ALT-PU-2024-1317
ASB-A-174626251
CESA-2024_4211
CESA-2024_4352
CVE-2020-26555
INFSA-2024_2394
INFSA-2024_4211
INFSA-2024_4352
MGASA-2023-0328
MGASA-2023-0331
OPENSUSE-SU-2024_0156-1
RHSA-2024:2394
RHSA-2024:4211
RHSA-2024:4352
RHSA-2024_2394
RHSA-2024_4211
RHSA-2024_4352
RLSA-2024:4211
RLSA-2024:4352
SUSE-SU-2024:0110-1
SUSE-SU-2024:0112-1
SUSE-SU-2024:0113-1
SUSE-SU-2024:0115-1
SUSE-SU-2024:0117-1
SUSE-SU-2024:0118-1
SUSE-SU-2024:0120-1
SUSE-SU-2024:0129-1
SUSE-SU-2024:0141-1
SUSE-SU-2024:0153-1
SUSE-SU-2024:0154-1
SUSE-SU-2024:0156-1
SUSE-SU-2024:0160-1
SUSE-SU-2024_0112-1
SUSE-SU-2024_0115-1
SUSE-SU-2024_0129-1
SUSE-SU-2024_0141-1
SUSE-SU-2024_0153-1
SUSE-SU-2024_0154-1
SUSE-SU-2024_0156-1
SUSE-SU-2024_0160-1
USN-5343-1

Affected Products

ALT Linux
AlmaLinux
Bluetooth Core Specification
CentOS
Red Hat
Rocky Linux
SUSE
Ubuntu