CVE-2020-26558

MEDIUM

Bluetooth Core Specification 2.1-5.2 - Info Disclosure

Description

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

References (11)

Third Party Advisory, US Government Resource x_refsource_misc
https://kb.cert.org/vuls/id/799380
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4951
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202209-16
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/799380

Scores

CVSS v3 4.2
EPSS 0.0002
EPSS Percentile 6.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-287
Status published
Products (19)
bluetooth/bluetooth_core_specification 2.1 - 5.2
debian/debian_linux 9.0
fedoraproject/fedora 34
intel/ac_1550_firmware
intel/ac_3165_firmware
intel/ac_3168_firmware
intel/ac_7265_firmware
intel/ac_8260_firmware
intel/ac_8265_firmware
intel/ac_9260_firmware
... and 9 more
Published May 24, 2021
Tracked Since Feb 18, 2026