CVE-2020-26558
Public on 2021-05-24
Modified on 2021-07-15
Description
A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | kernel | 2021-07-14 | ALAS2-2021-1685 | Fixed |
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2022-01-20 | ALAS2KERNEL-5.10-2022-002 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2022-01-12 | ALAS2KERNEL-5.4-2022-004 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.2 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
| NVD | CVSSv2 | 4.3 | AV:A/AC:M/Au:N/C:P/I:P/A:N |
| NVD | CVSSv3 | 4.2 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |