CVE-2020-10134
Title: Bluetooth Core Pairing Credentials Acquisition
Proof Of Concept
No public PoC currently indexed for CVE-2020-10134.
Vulnerability Summary
CVE-2020-10134: Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened.
Impacted Vendors
Reference Links
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
AV:A/AC:M/Au:N/C:P/I:P/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
CVE-2020-10134 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
Vulnerability data or affected products updated.
Vulnerability first announced in NVD.
Attack Vector Matrix
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Affected Stack
No specific products linked.