Multiple vulnerabilities in BlueZ

Published: 2021-06-17 | Updated: 2022-01-26

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2020-26558 CVE-2021-0129
CWE-ID	CWE-254 CWE-284
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software Subscribe	BlueZ Universal components / Libraries / Libraries used by multiple products
Vendor	BlueZ Project

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU53579

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26558

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an impersonation in the Passkey Entry protocol flaw. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.

Note: This vulnerability affects the following specifications:

BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2
LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2

Mitigation

Install update from vendor's website.

Vulnerable software versions

BlueZ: 5.0 - 5.56

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU54202

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0129

CWE-ID: CWE-284 - Improper Access Control