CVE-2020-10135

MEDIUM

Bluetooth BR/EDR Core Specification <5.2 - Auth Bypass

Title source: llm

Description

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

Exploits (2)

nomisec WRITEUP

by m4rm0k · poc

https://github.com/m4rm0k/CVE-2020-10135-BIAS

View Code ZIP pw:eip

inthewild

poc

https://github.com/marcinguy/cve-2020-10135-bias

View on inthewild

References (7)

[Broken Link, Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

[Broken Link, Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/Jun/5

[Third Party Advisory] https://francozappa.github.io/about-bias/

[Third Party Advisory, US Government Resource] https://kb.cert.org/vuls/id/647177/

[Vendor Advisory] https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/

Scores

CVSS v3 5.4

EPSS 0.2153

EPSS Percentile 95.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-757 CWE-290

Status published

Products (2)

bluetooth/bluetooth_core < 5.2 (2 CPE variants)

opensuse/leap 15.1

Published May 19, 2020

Tracked Since Feb 18, 2026