CVE-2020-35473

MEDIUM

Bluetooth Core Specification < 5.2 - Information Disclosure

Title source: rule

Description

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.

References (2)

[Technical Description, Third Party Advisory] https://dl.acm.org/doi/10.1145/3548606.3559372

[Technical Description, Third Party Advisory] https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html

Scores

CVSS v3 4.3

EPSS 0.0014

EPSS Percentile 34.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-294 CWE-203

Status published

Products (1)

bluetooth/bluetooth_core_specification 4.0 - 5.2

Published Nov 08, 2022

Tracked Since Feb 18, 2026