CVE-2020-15509
Summary
| CVE | CVE-2020-15509 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-07 14:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). |
Risk And Classification
Problem Types: CWE-319
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Nordicsemi | Android BLE Library | All | All | All | All |
| Application | Nordicsemi | DFU Library | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Commits · NordicSemiconductor/Android-BLE-Library · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Commits · NordicSemiconductor/Android-DFU-Library · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Norec Attack: Stripping BLE encryption from NordicSemi’s Android Library (CVE-2020-15509) – The Secret Diary of a Ninja | MISC | secretdiary.ninja | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |