CVE-2020-10135: Bluetooth devices supporting BR/EDR v5.2 and earlier are vulnerable to impersonation attacks
First published: Mon Jul 22 2019(Updated: )
A vulnerability affecting Bluetooth BR/EDR pairing was found in the Bluetooth Core specification versions 1.0 through 5.2. The flaw could allow an attacking device to spoof the address of a previously paired remote device to successfully complete the authentication procedure with some paired/bonded devices while not possessing the link key. This can permit an attacker to initiate the Bluetooth Key Negotiation attack (KNOB) on encryption key strength without intervening in an ongoing pairing procedure through an injection attack.
Credit: cret@cert.org Daniele Antonioli SUTDSingapore Dr. Nils Ole Tippenhauer CISPAGermany Pr University of OxfordEngland
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tvOS | <12.4 | 12.4 |
| macOS Mojave | <10.14.6 | 10.14.6 |
| macOS High Sierra | ||
| macOS High Sierra | ||
| Apple iOS, iPadOS, and watchOS | <12.4 | 12.4 |
| Apple iOS, iPadOS, and watchOS | <5.3 | 5.3 |
| Bluetooth Core | <=5.2 | |
| Bluetooth Core | <=5.2 | |
| openSUSE | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://kb.cert.org/vuls/id/647177/
- https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/
- https://francozappa.github.io/about-bias/
- http://seclists.org/fulldisclosure/2020/Jun/5
- http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
- https://launchpad.net/bugs/cve/CVE-2020-10135
- https://security-tracker.debian.org/tracker/CVE-2020-10135
- https://support.apple.com/en-us/HT210353 (Advisory)
- https://support.apple.com/en-us/HT210348 (Advisory)
- https://support.apple.com/en-us/HT210351 (Advisory)
- https://support.apple.com/en-us/HT210346 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10135
- https://nvd.nist.gov/vuln/detail/CVE-2020-10135
- https://ubuntu.com/security/CVE-2020-10135
- https://access.redhat.com/security/cve/CVE-2019-9506
- https://access.redhat.com/solutions/2682931
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841538
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=3ca44c16b0dcc764b641ee4ac226909f5c421aa3
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=1832397
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-9506
- CVE-2020-10135
- CVE-2019-8646
- CVE-2019-8647
- CVE-2019-8660
- CVE-2019-8702
- CVE-2018-16860
- CVE-2019-8668
- CVE-2019-13118
- CVE-2019-8698
- CVE-2019-8662
- CVE-2019-8657
- CVE-2019-8690
- CVE-2019-8649
- CVE-2019-8658
- CVE-2019-8644
- CVE-2019-8666
- CVE-2019-8669
- CVE-2019-8671
- CVE-2019-8672
- CVE-2019-8673
- CVE-2019-8676
- CVE-2019-8677
- CVE-2019-8678
- CVE-2019-8679
- CVE-2019-8680
- CVE-2019-8681
- CVE-2019-8683
- CVE-2019-8684
- CVE-2019-8685
- CVE-2019-8686
- CVE-2019-8687
- CVE-2019-8688
- CVE-2019-8689
- CVE-2019-8693
- CVE-2019-8656
- CVE-2018-19860
- CVE-2019-8661
- CVE-2019-8675
- CVE-2019-8696
- CVE-2019-8539
- CVE-2019-8697
- CVE-2019-8648
- CVE-2019-8663
- CVE-2019-8695
- CVE-2019-8691
- CVE-2019-8692
- CVE-2019-8694
- CVE-2019-8670
- CVE-2019-8701
- CVE-2019-8667
- CVE-2019-8665
- CVE-2019-8699
- CVE-2019-8682
- CVE-2019-8624
- CVE-2019-8633
- CVE-2019-8659
Frequently Asked Questions
What is the severity of CVE-2020-10135?
CVE-2020-10135 is considered a high severity vulnerability that affects Bluetooth pairing.
How do I fix CVE-2020-10135?
To mitigate CVE-2020-10135, ensure your affected devices are updated to the latest software versions provided by the vendor.
What devices are affected by CVE-2020-10135?
CVE-2020-10135 affects various Apple products including iOS, macOS Mojave, High Sierra, Sierra, watchOS, and tvOS, as well as some Bluetooth Core implementations.
Can CVE-2020-10135 be exploited remotely?
Yes, CVE-2020-10135 can potentially allow an attacker to spoof a device and exploit the vulnerability within Bluetooth BR/EDR pairing.
Is CVE-2020-10135 related to Bluetooth version limitations?
CVE-2020-10135 affects Bluetooth Core specifications from version 1.0 through 5.2.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/remedy
- agent/weakness
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-10135
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- vendor/apple
- canonical/tvos
- canonical/macos mojave
- canonical/macos high sierra
- canonical/apple ios, ipados, and watchos
- vendor/bluetooth
- canonical/bluetooth core
- version/bluetooth core/5.2
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1