CVE-2020-26555

CVE	CVE-2020-26555
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-05-24 18:15:00 UTC
Updated	2023-11-07 03:20:00 UTC
Description	Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

Problem Types: CWE-863

Type	Vendor	Product	Version	Update	Edition	Language
Application	Bluetooth	Bluetooth Core Specification	All	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Hardware	Intel	Ac 3165	-	All	All	All
Operating System	Intel	Ac 3165 Firmware	-	All	All	All
Hardware	Intel	Ac 3168	-	All	All	All
Operating System	Intel	Ac 3168 Firmware	-	All	All	All
Hardware	Intel	Ac 7265	-	All	All	All
Operating System	Intel	Ac 7265 Firmware	-	All	All	All
Hardware	Intel	Ac 8260	-	All	All	All
Operating System	Intel	Ac 8260 Firmware	-	All	All	All
Hardware	Intel	Ac 8265	-	All	All	All
Operating System	Intel	Ac 8265 Firmware	-	All	All	All
Hardware	Intel	Ac 9260	-	All	All	All
Operating System	Intel	Ac 9260 Firmware	-	All	All	All
Hardware	Intel	Ac 9461	-	All	All	All
Operating System	Intel	Ac 9461 Firmware	-	All	All	All
Hardware	Intel	Ac 9462	-	All	All	All
Operating System	Intel	Ac 9462 Firmware	-	All	All	All
Hardware	Intel	Ac 9560	-	All	All	All
Operating System	Intel	Ac 9560 Firmware	-	All	All	All
Hardware	Intel	Ax200	-	All	All	All
Operating System	Intel	Ax200 Firmware	-	All	All	All
Hardware	Intel	Ax201	-	All	All	All
Operating System	Intel	Ax201 Firmware	-	All	All	All
Hardware	Intel	Ax210	-	All	All	All
Operating System	Intel	Ax210 Firmware	-	All	All	All
Hardware	Intel	Killer Ac 1550	-	All	All	All
Operating System	Intel	Killer Ac 1550 Firmware	-	All	All	All
Hardware	Intel	Killer Wi-fi 6e Ax1675	-	All	All	All
Operating System	Intel	Killer Wi-fi 6e Ax1675 Firmware	-	All	All	All
Hardware	Intel	Killer Wi-fi 6 Ax1650	-	All	All	All
Operating System	Intel	Killer Wi-fi 6 Ax1650 Firmware	-	All	All	All

Reference	Source	Link	Tags
VU#799380 - Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure	MISC	kb.cert.org
INTEL-SA-00520	CONFIRM	www.intel.com
[SECURITY] Fedora 34 Update: kernel-5.12.7-300.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 34 Update: kernel-5.12.7-300.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Reporting Security Vulnerabilities \| Bluetooth® Technology Website	MISC	www.bluetooth.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

161334 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2024-12110)
161352 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2024-12159)
281098 Fedora Security Update for kernel (FEDORA-2021-a35b44fd9f)
390294 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2024-0002)
610344 Google Android Devices June 2021 Security Patch Missing
610354 Google Android July 2021 Security Patch Missing for LGE
610355 Google Android July 2021 Security Patch Missing for Samsung
610358 Google Android July 2021 Security Patch Missing for Huawei EMUI
672705 EulerOS Security Update for kernel (EulerOS-SA-2023-1487)
755604 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2024:0129-1)
755605 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2024:0120-1)
755606 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2024:0117-1)
755607 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2024:0115-1)