#VU28001 Man-in-the-Middle (MitM) attack


Published: 2020-05-19 | Updated: 2020-06-03

Vulnerability identifier: #VU28001

Vulnerability risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-10135

CWE-ID: CWE-300

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Intel Wireless-AC 9560
Hardware solutions / Firmware
Intel Wireless 7265 (Rev D) Family
Hardware solutions / Firmware
Intel Dual Band Wireless-AC 8260
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.

The vulnerability exists in the implementation of Bluetooth v5.0, v4.2, v4.1, v4.0 on devices manufactured by multiple vendors. A remote attacker with physical proximity to the victim can successfully perform a MitM attack, even against previously paired devices, and gain access to sensitive information.

Below is the list of chips and devices confirmed to be vulnerable:

Chip | Device

Bluetooth v5.0
Apple 339S00397 | iPhone 8
CYW20819 | CYW920819EVB-02
Intel 9560 | ThinkPad L390
Snapdragon 630 | Nokia 7
Snapdragon 636 | Nokia X6
Snapdragon 835 | Pixel 2
Snapdragon 845 | Pixel 3, OnePlus 6

Bluetooth v4.2
Apple 339S00056 | MacBookPro 2017
Apple 339S00199 | iPhone 7plus
Apple 339S00448 | iPad 2018
CSR 11393 | Sennheiser PXC 550
Exynos 7570 | Galaxy J3 2017
Intel 7265 | ThinkPad X1 3rd
Intel 8260 | HP ProBook 430 G3

Bluetooth v4.1
CYW4334 | iPhone 5s
CYW4339 | Nexus 5, iPhone 6
CYW43438 | RPi 3B+
Snapdragon 210 | LG K4
Snapdragon 410 | Motorola G3, Galaxy J5

Bluetooth <= v4.0
BCM20730 | ThinkPad 41U5008
BCM4329B1 | iPad MC349LL
CSR 6530 | PLT BB903+
CSR 8648 | Philips SHB7250
Exynos 3470 | Galaxy S5 mini
Exynos 3475 | Galaxy J3 2016
Intel 1280 | Lenovo U430
Intel 6205 | ThinkPad X230
Snapdragon 200 | Lumia 530

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Intel Wireless-AC 9560: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 8260: All versions


External links
http://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

