{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-13T16:12:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.kb.cert.org/vuls/id/589825"}, {"tags": ["x_refsource_MISC"], "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15802", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.kb.cert.org/vuls/id/589825", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/589825"}, {"name": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709", "refsource": "MISC", "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"}, {"name": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/", "refsource": "CONFIRM", "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:30:21.685Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/589825"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15802", "datePublished": "2020-09-11T13:07:22", "dateReserved": "2020-07-17T00:00:00", "dateUpdated": "2024-08-04T13:30:21.685Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*", "matchCriteriaId": "967BB297-8802-48F0-8C29-AD6345D3C209", "versionEndExcluding": "5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less."}, {"lang": "es", "value": "Los dispositivos compatibles con Bluetooth versiones anteriores a 5.1, pueden permitir ataques de tipo man-in-the-middle. Cross Transport Key Derivation en Bluetooth Core Specification versiones v4.2 y v5.0, puede permitir a un usuario no autenticado establecer una vinculaci\u00f3n con un transporte, ya sea LE o BR/EDR, y reemplazar una vinculaci\u00f3n ya establecida en el transporte opuesto, BR/EDR o LE, potencialmente sobrescribiendo una clave autenticada con una clave no autenticada, o una clave con mayor entrop\u00eda con una con menos"}], "id": "CVE-2020-15802", "lastModified": "2024-11-21T05:06:12.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-11T14:15:11.317", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/589825"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/589825"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "hardware: BLURtooth: \"Dual mode\" hardware using CTKD are vulnerable to key overwrite", "id": "1878021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878021"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-285", "details": ["Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.", "A flaw was found in the bluetooth specification that would allow an attacker within bluetooth radio range to abuse a protocol flaw which could allow key-overwrite in services."], "mitigation": {"lang": "en:us", "value": "As the bluetooth module will be auto-loaded when required, its use can be disabled  by preventing the module from loading with the following instructions:\n# echo \"install bluetooth /bin/true\" >> /etc/modprobe.d/disable-bluetooth.conf \nThe system will need to be restarted if the bluetooth modules are loaded. In most circumstances, the bluetooth kernel modules will be unable to be unloaded while any bluetooth interfaces are active and the protocol is in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services."}, "name": "CVE-2020-15802", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-09-10T14:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-15802\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15802\nhttps://arxiv.org/abs/2009.11776\nhttps://hexhive.epfl.ch/BLURtooth/\nhttps://securityaffairs.co/wordpress/108096/hacking/blurtooth-bluetooth-attack.html\nhttps://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/\nhttps://www.kb.cert.org/vuls/id/589825/"], "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/5391241 .", "threat_severity": "Moderate"}